US CERT - Adobe Flash - SA08-149A

[Guest MEB]

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

 

National Cyber Alert System

Cyber Security Alert SA08-149A

 

 

Exploitation of Adobe Flash Vulnerability

 

Original release date: May 28, 2008

Last revised: --

Source: US-CERT

 

 

Systems Affected

 

Microsoft Windows, Apple Mac OS X, and other operating systems that

use Adobe Flash Player

 

 

Overview

 

A vulnerability that affects Adobe Flash Player is being actively

exploited to install malicious software.

 

 

Solution

 

Apply Updates

 

Adobe has provided updates to remedy these vulnerabilities. To

obtain the updates, visit the Adobe Player Download Center.

 

 

Description

 

Adobe Flash Player is affected by multiple vulnerabilities. If you

open a malicious Flash file, which may be hosted on a website, an

attacker may be able to take control of your computer or cause it

to crash. The Adobe Security Bulletin provides updates that address

these vulnerabilities.

 

This issue was first published in US-CERT Cyber Security Alert

SA08-100A. However, recent reports indicate that at least one of

these vulnerabilities is being actively exploited at the time of

this document's publication.

 

For more technical information, see US-CERT Technical Cyber

Security Alert TA08-149A.

 

 

References

 

* US-CERT Technical Cyber Security Alert TA08-149A.html -

<http://www.us-cert.gov/cas/techalerts/TA08-149A.html>

 

* Securing Your Web Browser -

<http://www.us-cert.gov/reading_room/securing_browser/>

 

* Adobe PSIRT Potential Flash Player Issue - update -

 

<http://blogs.adobe.com/psirt/2008/05/potential_flash_player_issue_u_1.html>

 

* Adobe Security Advisory APSB08-011 -

<http://www.adobe.com/support/security/bulletins/apsb08-11.html>

 

* Adobe Flash Player Download Center -

<http://www.adobe.com/go/getflash>

 

* US-CERT Vulnerability Notes for Adobe Security advisory APSB08-011

- <http://www.kb.cert.org/vuls/byid?searchview&query=APSB08-011>

 

 

____________________________________________________________________

 

The most recent version of this document can be found at:

 

<http://www.us-cert.gov/cas/alerts/SA08-149A.html>

____________________________________________________________________

 

Feedback can be directed to US-CERT Technical Staff. Please send

email to <cert@cert.org> with "SA08-149A Feedback VU#395473" in the

subject.

____________________________________________________________________

 

For instructions on subscribing to or unsubscribing from this

mailing list, visit <http://www.us-cert.gov/cas/signup.html>.

____________________________________________________________________

 

Produced 2008 by US-CERT, a government organization.

 

Terms of use:

 

<http://www.us-cert.gov/legal.html>

____________________________________________________________________

 

 

Revision History

 

May 28, 2008: Initial release

 

 

 

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.2.1 (GNU/Linux)

 

iQEVAwUBSD3lKHIHljM+H4irAQLdnQf9F4qCZzTjuL8nqz1Us5eYV50SMUcSMb0y

0+/TpgSNGCBiqZArimt1na5VHIBgeSpzFiWAXdpru+R5zjdK9Y/BVHT3f7v83oLT

o4MJD1cKXnJXSxMcG8x5WWFCl4XzHDPknBHK256MwYM5GQivBKYthoS6CTI+nVhv

rE24V9bbPwz6BaaCESfL30fwX+IM1R2Je9+hZAg8Kurb0uKkHKbNOB3Zgr2lrKWO

DHI3VESjHIqI1AxcE0uwl5M4UiEg8/L6bdqn1bWIKnc7FhmKOeDfwL52cStbTb8R

eAazTFgOvpm/07yLbfk99igygG2o5HEuJGQCnfTsdplCvvNQ5PMe5Q==

=BW2S

-----END PGP SIGNATURE-----