Bits from Bill

Technology thoughts leaking from the brain of "Bill Pytlovany"

Wednesday, May 28, 2008

Adobe Flash Player Vulnerability

A few of the most powerful web objects always have reports of regular vulnerabilities that can make it dangerous for even the most careful web surfer. Seems like at least once a month I hear about problems with JavaScript, Quicktime and now yet again, Adobe Flash.

As much I hate to recommend disabling such a powerful and useful component I have killed the version of Adobe Flash currently on my system. There are too many reports of infected sites to take any chances. Versions that appear to be affected include 9.0.115.0. and 9.0.124.0.

One of the new features of WinPatrol is the ability to disable ActiveX components that exhibit vulnerabilities. This feature is so important it’s included in the free and USB Flash version. If you have WinPatrol you can select Flash9(x).exe and click on Disable. You can always Enable again if you really need to but hopefully a new version of Flash will be released soon.

Disable Flash with WinPatrol
WinPatrol 2008


According to SecurityFocus

“Continued investigation reveals that this issue is fairly widespread. Malicious code is being injected into other third-party domains (approximately 20,000 web pages), most likely through SQL-injection attacks. The code then redirects users to sites hosting malicious Flash files exploiting this issue.“

Note: This is a drastic step. You will not be able to view most YouTube videos and will see a number of broken image boxes. The good news, you'll also miss some advertising as well.

ZDNet: Adobe Flash zero-day exploit in the wild
ZDNet Update: Adobe Flash drive-by attacks redux

Update: According to Adobe...

"We've just gotten confirmation from Symantec that all versions of Flash Player
9.0.124.0 are not vulnerable to these exploits. Again, we strongly encourage everyone to download and install
the latest Flash Player update, 9.0.124.0
. "


Labels: , ,

Share on Facebook


4 Comments:

Anonymous Anonymous said...

Thanks for the info Bill. I use an extension block flash in my browser Firefox but I many times find that friends send me links to Youtube to see things. Will think twice about it now.

7:17 PM  
Anonymous Anonymous said...

I may have misread your blog. In my previous comment I mention not allowing flash presentation from You tube but now I wonder if I misread your blog. Are you saying Youtube could be posting these infected flash? If I misread things then pull my previous comment about not going to youtube

7:33 PM  
Blogger Unknown said...

I'm not suggesting that viewing flash videos on YouTube is necessarily a problem. I like to think that any YouTube videos with malware would be taken down quickly but that's another issue.

What I wanted to point out is if you disabled Adobe Flash using WinPatrol or other programs it will disable most YouTube videos. Most people don't realize that YouTube converts videos to both Flash and Quicktime depending on the platform.

So I still recommend disabling Adobe Flash for now, but though you needed to know it will affect many popular features on the internet like YouTube.

Bill

9:00 PM  
Anonymous Anonymous said...

FYI

According to Adobe, the vulnerability in question is a known one and is fixed in version 9.0.124.0.

So, if you have a previous version installed, now is the time to upgrade to version 9.0.124.0.

-Pete

8:57 AM  

Post a Comment

<< Home