Flash 0-day

iago · May 28, 2008, 02:40:38 PM

There's a 0-day Flash vulnerability with widespread exploitation going on in the wild. One source is Slashdot, although it'll be on every big security site, including CERT.

I highly recommend blocking Flash until this is patched, or avoiding unnecessary Web browsing (you never know which sites get exploited and serve up exploits). Right now, if you're running Flash, you're vulnerable.

Scary!

<edit> Adobe's blog says it isn't actually a 0-day, but a known and patched vulnerability.

<edit2> I'm told that there are at least 20,000 sites infected with the exploit, and 250,000 more redirecting users to those sites. This is big!

Sidoh · May 28, 2008, 08:19:02 PM

I think I accidentally installed Gnash instead of Adobe Flash. Now I'm not regretting that so much. :D

rabbit · May 28, 2008, 08:32:17 PM

Gnash blows. I couldn't watch anything on YouTube with it, plus 1/2 the sites with flash I went to didn't work.

Hitmen · May 29, 2008, 12:49:46 AM

Quote from: rabbit on May 28, 2008, 08:32:17 PM
I couldn't watch anything on YouTube with it, plus 1/2 the sites with flash I went to didn't work.

that sounds like it would lead to a much more enjoyable web surfing experience. where do I sign up?

trust · May 29, 2008, 10:08:47 AM

youtube is the shit

Joe · May 29, 2008, 03:28:19 PM

NoScript is the shit.

I can't believe iago didn't mention that. :P

iago · May 29, 2008, 04:26:45 PM

NoScript is useful, but I didn't want to hawk any particular program. Anything you can use to block JS is fine.

Anyway, Adobe released a statement saying that the vulnerability exploited is one that was released a month ago, and is patched in version 124 (versions 115 and below are vulnerable). So upgrade if you haven't.

Clan x86

News:

Flash 0-day

iago

Sidoh

rabbit

Hitmen

trust

Joe

iago