by
Larry Seltzer
The vulnerability research community has been in a mad rush since
the reports yesterday of an unpatched vulnerability in Adobe Flash being exploited in the wild.
There is still a surprising amount of ambiguity in the situation, but we know a lot more than we did 24 hours ago.
As McAfee reports, this vulnerability turns out to be very similar to another recent one,
CVE-2007-0071, which affected Adobe Flash Player 9.0.115.0 and earlier.
Adobe has declared that it is, in fact, the same vulnerability and that the current version, 9.0.124.0, is not vulnerable. SecurityFocus has gone so far as
to retire their entry on it.
But McAfee and others point out persistent reports that this exploit is affecting subsequent versions which were supposed to fix the problem. For this reason we see a lot of advice on how to disable Flash mixed in with advice to update to 9.0.124.0. We recommend
upgrading to this version regardless of whatever else you do.
To find out what version of Flash you are running,
click here.
Everyone is reporting that the Flash vulnerabilities are being spread via
the recent epidemic of SQL injection attacks to web sites.
An entry on shadowserver.org has great details on where the attacks have been found. The attack, by the way, comes in the form of a malicious .SWF file.
If you're interested in blocking Flash, there are a number of approaches you could take. In Internet Explorer you can use the Tools-Manage Add-Ons dialog, select Shockwave Flash Object and then the Disable radio button, but this will produce annoying warning messages. F-Secure has handy registry command files to
disable Flash and
re-enable it for IE by manipulating the kill bits.
In Firefox the easiest thing is to use
Flashblock, a free add-in.
http://www.pcmag.com/article2/0,1895,2310320,00.asp
Adobe Flash "Pandemic?"
Reply With Quote
