News & ArticlesNewsNew exploits target Adobe Flash Player
Submit Article

World of Warcraft News & Articles

  • 0% approval rating
  • 1
  • 2
  • 3
  • 4
  • 5

New exploits target Adobe Flash Player

News | May 28, 2008 (3 months ago) | von Mera_LaCroisadeEcarlate | via www.wowinsider.com | Filed in World of Warcraft

WoWinsider posted an interesting blog entry about a 0day flash player exploit actually hitting:

According to reports, a new wave of exploits has appeared taking advantage of a vulnerability Adobe Flash Player. Allegedly over 200,000 web sites now have redirects to malware, including keyloggers, through embedded Flash. And we all know how evil keyloggers can be. Flash Player 9.0.115.0 appear to be the affected version.

source

The Flash Player 9.0.115.0 is the affected version, you can know which version you are running by using this Adobe link

To note that the version 9.0.124.0 supposed to be patched may still be exploited in a few cases like the linux version nor windows version with debug player ON. If you want to be fully safe, completely uninstall Adobe Flash Player for the moment.

Some technical reference links:
Sans
SecurityFocus
Adobe security advisories

RSS

Add Your Comment

avatar
Mera_LaCroisadeEcarlate
3 months ago

Yes to resume globally all versions are vulnerable yet , it may be harder to exploit the 9.0.124.0 but this version is reported vulnerable so if you really care for your security the only best patch you can add for now is to completely uninstall Flash player and waits for a version > but not equal to 9.0.124.0, according to news security sites it's an old known Flash vulnerability that has not been patched correctly and so on, all actual versions are at risk.

Posting Tech details link there because the Curse's News editor is bugged a lot there, it does not apply "Edit" changes and it is always reverting back to the original news paper some seconds after editing:

//EDIT: looks like stabler via cursebeta.com

Adobe security advisories
Sans
SecurityFocus

Reply Delete Permalink
avatar
Exry
3 months ago

Ok, I didn't really get it.

is the GNU/Linux version of flash affected? :/

Reply Report Permalink
avatar
Heydan
3 months ago

How about a big fuck you to wow security levels,a tad tired of reading about keyloggers and possible threats,piss of ye?:) kty

Reply Report Permalink
avatar
Bilgerat987
3 months ago

Thanks for the info. My question is this - Is there a 'safe' version that I can d/l? ...and, where do I find that version?

Reply Report Permalink
avatar
Nevermindz
3 months ago

You can download the latest version here : http://www.adobe.com/shockwave/download/download.cgi?P1_Prod_Version=ShockwaveFlash

Reply Report Permalink
avatar
icravecookies
3 months ago

Ouch, i also had said version, time to scrub my computer again...

Reply Report Permalink
avatar
Mera_LaCroisadeEcarlate
3 months ago

I have updated the news with links having the technical details about this vulnerability if you would like to know much about it. To note that 9.0.124.0 is also noted affected so pay attention to a new flash player version probably coming very soon.

Remember that's a 0day, no CVE entry, in other words this is a vulnerability on which Adobe hasn't been informed and of course everyone else so be careful even with that supposed 9.0.124.0 patched version.

Reply Delete Permalink
avatar
Kody
3 months ago

Thanks for passing this info on!

Reply Report Permalink
avatar
sup2069
3 months ago

just updated, had that exploitable version. UPDATE NOW!

Reply Report Permalink