Author Topic: Flash 0-day  (Read 3753 times)

0 Members and 1 Guest are viewing this topic.

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Flash 0-day
« on: May 28, 2008, 02:40:38 pm »
There's a 0-day Flash vulnerability with widespread exploitation going on in the wild. One source is Slashdot, although it'll be on every big security site, including CERT.

I highly recommend blocking Flash until this is patched, or avoiding unnecessary Web browsing (you never know which sites get exploited and serve up exploits). Right now, if you're running Flash, you're vulnerable.

Scary!

<edit> Adobe's blog says it isn't actually a 0-day, but a known and patched vulnerability.

<edit2> I'm told that there are at least 20,000 sites infected with the exploit, and 250,000 more redirecting users to those sites. This is big!
« Last Edit: May 28, 2008, 03:40:21 pm by iago »

Offline Sidoh

  • x86
  • Hero Member
  • *****
  • Posts: 17634
  • MHNATY ~~~~~
    • View Profile
    • sidoh
Re: Flash 0-day
« Reply #1 on: May 28, 2008, 08:19:02 pm »
I think I accidentally installed Gnash instead of Adobe Flash.  Now I'm not regretting that so much. :D

Offline rabbit

  • x86
  • Hero Member
  • *****
  • Posts: 8092
  • I speak for the entire clan (except Joe)
    • View Profile
Re: Flash 0-day
« Reply #2 on: May 28, 2008, 08:32:17 pm »
Gnash blows.  I couldn't watch anything on YouTube with it, plus 1/2 the sites with flash I went to didn't work.

Offline Hitmen

  • B&
  • x86
  • Hero Member
  • *****
  • Posts: 1913
    • View Profile
Re: Flash 0-day
« Reply #3 on: May 29, 2008, 12:49:46 am »
I couldn't watch anything on YouTube with it, plus 1/2 the sites with flash I went to didn't work.
that sounds like it would lead to a much more enjoyable web surfing experience. where do I sign up?
Quote
(22:15:39) Newby: it hurts to swallow

trust

  • Guest
Re: Flash 0-day
« Reply #4 on: May 29, 2008, 10:08:47 am »
youtube is the shit

Offline Joe

  • B&
  • x86
  • Hero Member
  • *****
  • Posts: 10319
  • In Soviet Russia, text read you!
    • View Profile
    • Github
Re: Flash 0-day
« Reply #5 on: May 29, 2008, 03:28:19 pm »
NoScript is the shit.

I can't believe iago didn't mention that. :P
I'd personally do as Joe suggests

You might be right about that, Joe.


Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Flash 0-day
« Reply #6 on: May 29, 2008, 04:26:45 pm »
NoScript is useful, but I didn't want to hawk any particular program. Anything you can use to block JS is fine.

Anyway, Adobe released a statement saying that the vulnerability exploited is one that was released a month ago, and is patched in version 124 (versions 115 and below are vulnerable). So upgrade if you haven't.