US CERT - Adobe Flash Player 8 and 9

[Guest MEB]

As previously discussed, using Flash can be an opening to attack.

Here is another warning about vulnerabiliies.

 

 

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

 

National Cyber Alert System

 

Technical Cyber Security Alert TA08-100A

 

 

Adobe Flash Updates for Multiple Vulnerabilities

 

Original release date: April 9, 2008

Last revised: --

Source: US-CERT

 

Systems Affected

 

* Adobe Flash Player 9.0.115.0 and earlier

* Adobe Flash Player 8.0.39.0 and earlier

 

Overview

 

Adobe has released Security advisory APSB08-11 to address multiple

vulnerabilities affecting Adobe Flash. The most severe of these

vulnerabilities could allow a remote attacker to execute arbitrary

code.

 

I. Description

 

Adobe Security Advisory APSB08-011 addresses a number of

vulnerabilities affecting the Adobe Flash player. Flash player

versions 9.0.115.0 and earlier and 8.0.39.0 and earlier are affected.

Further details are available in the US-CERT Vulnerability Notes

Database.

 

An attacker could exploit these vulnerabilities by convincing a user

to visit a website that hosts a specially crafted SWF file. The Adobe

Flash browser plugin is available for multiple web browsers and

operating systems, any of which could be affected.

 

II. Impact

 

The impacts of these vulnerabilities vary. The most severe of these

vulnerabilities allows a remote attacker to execute arbitrary code or

conduct cross-site scripting attacks.

 

III. Solution

 

Apply Updates

 

Check with your operating system vendor for patches or updates. If you

get the flash player from Adobe, see the Adobe Get Flash page for

information about updates.

 

Restrict access

 

These vulnerabilities can be mitigated by disabling the Flash plugin

or by using the NoScript extension to whitelist websites that can

access the Flash plugin. For more information about securely

configuring web browsers, please see the Securing Your Web Browser

document.

 

IV. References

 

* Adobe Security Advisory APSB08-011 -

<http://www.adobe.com/support/security/bulletins/apsb08-11.html>

 

* Adobe Flash Player Download Center -

<http://www.adobe.com/go/getflash>

 

* Understanding Flash Player 9 April 2008 Security Update

compatibility -

 

<http://www.adobe.com/devnet/flashplayer/articles/flash_player9_security_upd

ate.html>

 

* US-CERT Vulnerability Notes for Adobe Security advisory APSB08-011 -

<http://www.kb.cert.org/vuls/byid?searchview&query=APSB08-011>

 

* Securing Your Web Browser -

<http://www.us-cert.gov/reading_room/securing_browser/>

 

_________________________________________________________________

 

The most recent version of this document can be found at:

 

<http://www.us-cert.gov/cas/techalerts/TA08-100A.html>

_________________________________________________________________

 

Feedback can be directed to US-CERT Technical Staff. Please send

email to <cert@cert.org> with "TA08-100A Feedback VU#347812" in the

subject.

_________________________________________________________________

 

For instructions on subscribing to or unsubscribing from this

mailing list, visit <http://www.us-cert.gov/cas/signup.html>.

_________________________________________________________________

 

Produced 2008 by US-CERT, a government organization.

 

Terms of use:

 

<http://www.us-cert.gov/legal.html>

____________________________________________________________________

 

Revision History

 

April 9, 2008: Initial release

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.2.1 (GNU/Linux)

 

iQEVAwUBR/zdXPRFkHkM87XOAQIR+ggAk0+t7keRs7OzyAsdG12UtFjyxheeX9Xi

Zl5UNxlnrUIAxe4eO0ySC+7TQm1MaJrBW2yWN7nbtf0pMGRfSudG78kv2KdVqT4o

SIrFhxIW+a4g2bFh56TEhZGRitMI+Yg3P0YyDA//svYvAQTXoEnBM0I4TBEYkb5C

d2X5O6cEJHpdz6yTlox0lnQb5fkpVsqGqnzagWtBAufEA482e1LeRiz/ehSs/SRa

iSbkadW30ZStsrRIrF1E7QRS1BF1QZ96C/5pgxl44zBb4d4+Dhjkk21S0hUjI/hm

FFKom4BrBaON+dRpsAWTDwxhM0Dib3YfskvKrdNic+lQ5ow/Mnp0Pg==

=SC0g

-----END PGP SIGNATURE-----

[Guest PCR]

Re: US CERT - Adobe Flash Player 8 and 9

 

MEB wrote:

| As previously discussed, using Flash can be an opening to attack.

| Here is another warning about vulnerabiliies.

....snip

| III. Solution

 

| * Adobe Flash Player Download Center -

| http://www.adobe.com/go/getflash

....snip...

 

Thanks, MEB. The upgrade went quick & well & without a reboot. I am now

v.9.0.124.0, as shown at...

 

(a) Open Explorer to C:\Windows\Downloaded Program Files.

(b) R-Clk "Shockwave Flash Object" in R-Pane, & select Properties,

Version tab.

 

Note: I had to go to the site to do it! It did not work to R-Clk the

object I had & select to update it!

 

 

--

Thanks or Good Luck,

There may be humor in this post, and,

Naturally, you will not sue,

Should things get worse after this,

PCR

pcrrcp@netzero.net