Adobe Flash vulnerable to remote-execution exploit
Yes, Flash 10 is vulnerable. #
Posted Wednesday 25th February 2009 01:00 GMT
http://www.adobe.com/support/security/bulletins/apsb09-01.html
The link IS in the advisory that El Reg links to, but the iDefense advisory sucks royally.
"iDefense has confirmed the existence of this vulnerability in latest version of Flash Player, version 9.0.124.0. Previous versions may also be affected."
Well, that's not the latest version of Flash Player, not by a long mile. This marks down iDefense as an unreliable source for advisories in my book.
For IE 8 #
Posted Wednesday 25th February 2009 11:03 GMT
Running IE 8.0.7000 on the Win 7 beta I was unable to get Adobe's download page to install the new version (the ActiveX installation from their download page simply wouldn't start). WTG Adobe!
Solution:
1) D/L the flash uninstaller from
http://kb.adobe.com/selfservice/viewContent.do?externalId=tn_14157&sliceId=1
and uninstall the old Flash ActiveX control. (IE 8 in its infinite wisdom offers no way to uninstall add-ons /rolleyes.)
2) D/L the update for Flash CS4 Pro from
http://www.adobe.com/support/flashplayer/downloads.html#fp10
unzip it and run the Flash ActiveX installer from the Release directory.
3) Curse the fact that you need to keep IE hanging around to check compatibility issues (/bitter laugh).
For once I'm glad... #
Posted Wednesday 25th February 2009 11:03 GMT
...that I'm stuck using Flash 7 on a MIPS-based netbook.
Security through obscurity (and being a bit rubbish).
Flash? Just say NO ... #
Posted Wednesday 25th February 2009 11:03 GMT
Most Flash on web pages is used to cause continual annoyance that only makes it harder to read anything else that's on the screen.
Firefox and Flashblock provide the answer. We don't see these annoyances in the first place.
Better still would be for web sites to implement proper NoFlash web pages which would make the whole web a more user-friendly place. Except in the rare cases where the Flash actually performs a useful FUNCTION -- and that does not mean unnecessary embellishments or adverts.
Anything? #
Posted Wednesday 25th February 2009 21:21 GMT
"... The vulnerability is separate from a security bug in Adobe's Acrobat Reader program that is currently under attack."
Jeez! Does Adobe distribute anything (internet-facing) that's not "currently under attack"?
Hasn't been a problem for me #
Posted Saturday 28th February 2009 00:48 GMT
Although the proxy config lines below may have been a factor:
# =< Block Nasty Types >=======================================================
/*.*.swf