back to article Adobe Flash vulnerable to remote-execution exploit

Already under the gun for a critical hole in its ubiquitous Acrobat Reader, Adobe's security team has pushed out a fix for another serious vulnerability, this one in the company's Flash animation software. The remote code execution vulnerability has been confirmed in Flash for Windows and is believed to also affect versions …

COMMENTS

This topic is closed for new posts.
  1. Jan Ingvoldstad
    Alert

    Yes, Flash 10 is vulnerable.

    http://www.adobe.com/support/security/bulletins/apsb09-01.html

    The link IS in the advisory that El Reg links to, but the iDefense advisory sucks royally.

    "iDefense has confirmed the existence of this vulnerability in latest version of Flash Player, version 9.0.124.0. Previous versions may also be affected."

    Well, that's not the latest version of Flash Player, not by a long mile. This marks down iDefense as an unreliable source for advisories in my book.

  2. Charles King
    Thumb Down

    For IE 8

    Running IE 8.0.7000 on the Win 7 beta I was unable to get Adobe's download page to install the new version (the ActiveX installation from their download page simply wouldn't start). WTG Adobe!

    Solution:

    1) D/L the flash uninstaller from

    http://kb.adobe.com/selfservice/viewContent.do?externalId=tn_14157&sliceId=1

    and uninstall the old Flash ActiveX control. (IE 8 in its infinite wisdom offers no way to uninstall add-ons /rolleyes.)

    2) D/L the update for Flash CS4 Pro from

    http://www.adobe.com/support/flashplayer/downloads.html#fp10

    unzip it and run the Flash ActiveX installer from the Release directory.

    3) Curse the fact that you need to keep IE hanging around to check compatibility issues (/bitter laugh).

  3. Toastan Buttar
    Happy

    For once I'm glad...

    ...that I'm stuck using Flash 7 on a MIPS-based netbook.

    Security through obscurity (and being a bit rubbish).

  4. Anonymous Coward
    Thumb Down

    Flash? Just say NO ...

    Most flash on web pages is used to cause continual annoyance that only makes it harder to read anything else that's on the screen.

    Firefox and flashblock provides the answer. We don't see these annoyances in the first place.

    Better still would be for web sites to implement proper NoFlash web pages which would make the whole web a more user-friendly place. Except in the rare cases where the flash actually performs a useful FUNCTION -- and that does not mean unnecessary emelishments or adverts.

  5. /etc
    Thumb Down

    Anything?

    "... The vulnerability is separate from a security bug in Adobe's Acrobat Reader program that is currently under attack."

    Jeez! Does Adobe distribute anything (internet-facing) that's not "currently under attack"?

  6. Eddie Johnson
    Happy

    Hasn't been a problem for me

    Although the proxy config lines below may have been a factor:

    # =< Block Nasty Types >=======================================================

    /*.*.swf

This topic is closed for new posts.

Other stories you might like