Confusion about hole in Flash Player
The hole in Adobe Flash Player that is now being exploited by contaminated web sites in order to infect users with a trojan has caused a lot of excitement. Adobe has now published its first findings about the exploits that have so far been identified. It is possible that the current version 188.8.131.52 of Flash is not affected after all.
McAfee, Symantec and Adobe are not quite sure. The problem is that the malicious files that load damaging
swf files in order to exploit the hole create their paramaters – the filename of the applet to be downloaded from the operating system, the Flash version number, and the browser being used – at runtime. So, if a Flash applet is running on a present-day system, it will try for example to load the file
Symantec says it has observed such an exploit causing the current Flash Player to crash under Linux. This may indicate the exploitation of a security hole. Adobe, however, have stated that this behaviour is intentional and planned, and no malicious code gets run.
McAfee likewise cautions that the exploits discovered so far exploit the hole that Flash Player 184.108.40.206 closes, but since the file said to have been downloaded by the current Flash Player can't be tracked down, it remains possible that a vulnerability in it too was exploited.
Sounding the all-clear therefore appears premature. None of the firms will state categorically that the current version of Flash is actually secure. But it does give protection against the damaging
swf applets found previously. If you don't wish to accept any risks, disable the Flash Player plug-in in the add-on manager in Internet Explorer or, in Firefox, use the FlashBlock or NoScript extensions that prevent the automatic execution of Flash applets. Moreover, if Flash Player has not been uninstalled, you should at least import its current version 220.127.116.11 into every browser on the computer.
- Critical vulnerability in Flash Player is being actively exploited, heise Security news
- Symantec ThreatCon, statements by Symantec
- Potential Flash Player issue - update, update from Adobe
- Flash Player Exploit Update 2, report from McAfee