New exploits target Flash
According to reports, a new wave of exploits has appeared that takes advantage of a vulnerability in Adobe Flash Player. Allegedly, over 200,000 web sites now have redirects to malware, including keyloggers, through embedded Flash. And we all know how evil keyloggers can be. Flash Player 9.0.115.0 appears to be the affected version.
Adobe quickly responded to the issue, saying that the vulnerability is fixed in 9.0.124.0, the latest version of the player, so to make yourself secure, all you need to do is update your Flash. To check what version you are running, go to this Adobe page. Keeping your software up-to-date is one of the best ways to close security holes; if you're truly paranoid, you could always go the route of adding Flashblock and/or NoScript to your browser. And be sure to keep an eye on our new Azeroth Security Advisor column for more tips on how to keep yourself from being compromised.
Once again, to update your Flash and patch this vulnerability, go to Adobe's "Get Flash" page.
Update: It is possible that certain versions of 124 (namely, the standalone version for Linux and the standalone version with debug capabilities for Windows) are also affected by the exploits. At this time it is recommended to disable Flash if you are running those versions.
Update 2: It is currently believed that all versions of 124 are safe. Nevertheless, caution is generally a good idea.
Filed under: News items, Account Security






Reader Comments (Page 1 of 1)
Gurran May 28th 2008 4:41PM
Thank you for the information!
I had the affected version and quickly updated :).
james May 28th 2008 4:43PM
Upgrading Flash also gave me the Google toolbar without me asking for it.. Thanks ADOBE....
Be warned, remove this after IE restart if you're like me...
jbodar May 29th 2008 3:46AM
There's a big checked box next to "Google Toolbar" that you can uncheck to decline. Your fault if you don't read what's on the screen.
Zhalseran May 28th 2008 4:50PM
Thanks for the heads up, I'm all updated!
Milktub May 28th 2008 4:55PM
As always, best bet is to not run untrusted scripts/flash.
My computer is four years old. Never had a bug on it.
Udderbull May 28th 2008 5:01PM
fyi ... there are zero-day exploits out for the current version of flash as well: http://isc.sans.org/diary.html?storyid=4465
There are other articles detailing flash vulnerabilities on that site for those interested, but I would just disable flash until Adobe puts out another update.
Eliah Hecht May 28th 2008 5:03PM
Adobe is claiming that the vulnerability is fixed in 128. That said, of course, it's always safest to open as few avenues of attack as possible (which in this case would indeed mean disabling Flash).
Colby Jack May 28th 2008 5:07PM
to further clarify ... it could be limited to specific versions of 9.0.124.0.
http://www.securityfocus.com/bid/28695/discuss
Eliah Hecht May 28th 2008 5:08PM
Thanks Colby, updated the post to reflect this important information. Keep me posted if you find anything new, folks.
Unagieater May 28th 2008 5:01PM
To the updatemobile!
Thank you guys.
Augger May 28th 2008 6:06PM
If you're using Firefox, use this add-on and Flash won't bother you again.
https://addons.mozilla.org/en-US/firefox/addon/433
Eternalpayn May 28th 2008 9:11PM
NoScript disables flash too, I believe.
Procris May 28th 2008 6:23PM
Keyloggers constantly worry me. I never know if my AVG free would be able to detect one if I ever got one on my system. Quite worrying that you could be browsing something you think is safe but is actually infected. I try to stick to "safe" sites nowadays but even those could be compromised.
kuri May 29th 2008 2:18AM
Lo and behold, I am hacked. AdBlock and NoScript didn't do it for me, I guess.
Dillon May 29th 2008 1:31PM
likewise ... blizz must have their hands full this week ....
:(
Jack Spicer May 29th 2008 3:40AM
Whatever happened to the motto "Keep it simple stupid"?
I'm so tired of all these websites that have Flash for no reason other than "it looks pretty".
Tinious May 29th 2008 7:59AM
FWIW it looks like Blizz has a warning on login that you need to install the latest Flash and it would not let me log in until I upgraded.... This may be even more serious than originally expected.
sam2 May 29th 2008 1:29PM
the new version of flash breaks youtube :(
dapwilliams83 May 29th 2008 5:06PM
I have not been really happy since Adobe took over from Macromedia.
I have been developing games for online use and for mobile phones, using Flash Lite v1.1, but have more or less given up on mobile phone games because of the lack of advertising on phone manufacturers' sites. When Macromedia were developing Flash Lite it seemed like it may be a similar takeover on phones as was the case on the web, but time has shown otherwise. Java games still rule.