bit-tech.net

Adobe Flash flaw allows code execution

Perhaps this message should read "in order to get 0wn3d, download Adobe Flash Player."

If you use a browser fitted with an Adobe Flash plugin, you might want to think about updating your software if you value your security.

According to an announcement by the United States Computer Emergency Response Readiness Team (or US-CERT), the latest version of Adobe's popular Flash Player 9 has a flaw which is currently being exploited to install malicious software on unsuspecting web users' PCs.

All versions of Flash 9 prior to the very latest release, version 9.0.124.0, are vulnerable to the attack, which exploits a flaw in ActionScript 3.0, a feature introduced in version 9 of the popular rich media player. To take advantage of the security hole that ActionScript 3.0 introduced, all a cracker needs to do is somehow point you toward a website with an embedded SWF file containing the exploit code. When this file is played via the browser, it will download and install whatever malware the cracker wants.

Adobe has announced that the vulnerability, which has been assigned the identifier CVE-2007-0071 by the Common Vulnerabilities and Exposures project, has been resolved as of Flash Player 9.0.124.0. If you haven't upgraded Flash Player in the last few days, now would be a very good time to do so. If you're not sure what version you're running, Adobe has a useful version checker on its website.

This isn't the first time a technology designed to bring music and video to websites has been used as an attack vector by ne'er-do-wells, and due to the complexity of the software involved it's unlikely to be the last. Although updating your software regularly helps mitigate the effects of flaws such as this, prevention is always better than cure – using a browser such as Firefox in conjunction with the NoScript add-on can protect you from a wide range of web-based attacks on untrusted websites even before the vulnerabilities are discovered.

Anyone here had their system do funny things after visiting a dodgy Flash-laden website, or do we all disable such frippery by default? Share your thoughts over in the forums.

4 Comments

proxess 29th May 2008, 13:40
one good news from Adobe yesterday, one bad news from Adobe today...
freedom810 29th May 2008, 14:31
Yep, saw it on the WoW login screen :D Thank you, Blizzard.
And bit-tech of course.
koola 29th May 2008, 16:11
It's a good job I updated to 10.5.3 this morning, I'm safe.
Woodstock 29th May 2008, 23:23
Flash is a flaw, I tell you