The joy of flash (unpatched exploit)

GrimReaper

A little heads up that there's an unpatched vulnerability for flash going around that is in the wild.

So, at least until Adobe release a fix you lot may want to install something like flashblock if you're using Firefox, disabling ActiveX controls and plugins if you use IE. If you use other browsers like Opera, Safari etc I suggest doing the requisite actions to disable flash/plugins too for the moment.

I think the exploit itself exists on all platform versions of flash (so OS X, Linux, Windows), however I think Windows is the only one being targeted by the fun, fun virus writers at the moment.

Daedalus

son of a bitch.

You see, Internet? You see what you fucking get when you make something like Flash a defacto standard to make most websites work?

Dayvan Cowboy

Thanks for the heads up - that flashblock looks pretty useful in general.

ArcSyn

Meh,
no big deal. Every piece of software ever made has some vulnerability in it. I'm not worried.

GrimReaper

ArcSyn wrote: »

Meh,
no big deal. Every piece of software ever made has some vulnerability in it. I'm not worried.

This exploit is stupidly easy to run on machines. The first example was simply viewing a webpage that had this on there as say a banner or even a 1x1 pixel sized embedded flash file. You'd never know your machine ran the exploit.

The other is you could embed the flash file in an email, that way as soon as you open the email to view it the exploit runs.

The severity of the exploit is what you should be worried about and the severity of this exploit is pretty damn big. It's one thing to click on a file and get infected with a virus. It's another thing altogether to simply view a webpage or email and get exploited/infected.

Also, because this exploit is for flash it's exposure to a larger audience than your typical IE exploit makes it much worse.

TyrantCow

Why did I have to read this before I go to work today.

Now, I may have to do something about it. Why?

subedii

GrimReaper wrote: »

A little heads up that there's an unpatched vulnerability for flash going around that is in the wild.

So, at least until Adobe release a fix you lot may want to install something like flashblock if you're using Firefox, disabling ActiveX controls and plugins if you use IE. If you use other browsers like Opera, Safari etc I suggest doing the requisite actions to disable flash/plugins too for the moment.

I think the exploit itself exists on all platform versions of flash (so OS X, Linux, Windows), however I think Windows is the only one being targeted by the fun, fun virus writers at the moment.

Thanks for the heads up.

I'll try and stick to well known sites for now as well, but generally those have flash ads from third parties, and those can often be dubious too. Darn.