Flash 0-day

[iago]

There's a 0-day Flash vulnerability with widespread exploitation going on in the wild. One source is Slashdot, although it'll be on every big security site, including CERT.

I highly recommend blocking Flash until this is patched, or avoiding unnecessary Web browsing (you never know which sites get exploited and serve up exploits). Right now, if you're running Flash, you're vulnerable.

Scary!

<edit> Adobe's blog says it isn't actually a 0-day, but a known and patched vulnerability.

<edit2> I'm told that there are at least 20,000 sites infected with the exploit, and 250,000 more redirecting users to those sites. This is big!

[Sidoh]

I think I accidentally installed Gnash instead of Adobe Flash.  Now I'm not regretting that so much.

[rabbit]

Gnash blows.  I couldn't watch anything on YouTube with it, plus 1/2 the sites with flash I went to didn't work.

[Hitmen]

I couldn't watch anything on YouTube with it, plus 1/2 the sites with flash I went to didn't work.

that sounds like it would lead to a much more enjoyable web surfing experience. where do I sign up?

[trust]

youtube is the shit

[Joe]

NoScript is the shit.

I can't believe iago didn't mention that.

[iago]

NoScript is useful, but I didn't want to hawk any particular program. Anything you can use to block JS is fine.

Anyway, Adobe released a statement saying that the vulnerability exploited is one that was released a month ago, and is patched in version 124 (versions 115 and below are vulnerable). So upgrade if you haven't.