A few of the most powerful web objects regularly have vulnerabilities reported that can make browsing dangerous for even the most careful web surfer. Seems like at least once a month I hear about problems with JavaScript, QuickTime and now yet again, Adobe Flash.
As much as I hate to recommend disabling such a powerful and useful component, I have killed the version of Adobe Flash currently on my system. There are too many reports of infected sites to take any chances. Versions that appear to be affected include 9.0.115.0 and 9.0.124.0.
One of the new features of WinPatrol is the ability to disable ActiveX components that exhibit vulnerabilities. This feature is so important it’s included in the free and USB Flash version. If you have WinPatrol you can select Flash9(x).exe and click on Disable. You can always Enable again if you really need to, but hopefully a new version of Flash will be released soon.
Note: This is a drastic step. You will not be able to view most YouTube videos and will see a number of broken image boxes. The good news, you'll also miss some advertising as well.
According to SecurityFocus…
“Continued investigation reveals that this issue is fairly widespread. Malicious code is being injected into other third-party domains (approximately 20,000 web pages), most likely through SQL-injection attacks. The code then redirects users to sites hosting malicious Flash files exploiting this issue.”
ZDNet: Adobe Flash zero-day exploit in the wild
ZDNet Update: Adobe Flash drive-by attacks redux
Update: According to Adobe...
"We've just gotten confirmation from Symantec that all versions of Flash Player 9.0.124.0 are not vulnerable to these exploits. Again, we strongly encourage everyone to download and install the latest Flash Player update, 9.0.124.0."
