In association with heise online

29 May 2008, 11:12

Confusion about hole in Flash Player

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

The hole in Adobe Flash Player that is now being exploited by contaminated web sites in order to infect users with a trojan has caused a lot of excitement. Adobe has now published its first findings about the exploits that have so far been identified. It is possible that the current version 9.0.124.0 of Flash is not affected after all.

McAfee, Symantec and Adobe are not quite sure. The problem is that the malicious files that load damaging swf files in order to exploit the hole create their paramaters – the filename of the applet to be downloaded from the operating system, the Flash version number, and the browser being used – at runtime. So, if a Flash applet is running on a present-day system, it will try for example to load the file WIN%209,0,124,0ff.swf.

Symantec says it has observed such an exploit causing the current Flash Player to crash under Linux. This may indicate the exploitation of a security hole. Adobe, however, have stated that this behaviour is intentional and planned, and no malicious code gets run.

McAfee likewise cautions that the exploits discovered so far exploit the hole that Flash Player 9.0.124.0 closes, but since the file said to have been downloaded by the current Flash Player can't be tracked down, it remains possible that a vulnerability in it too was exploited.

Sounding the all-clear therefore appears premature. None of the firms will state categorically that the current version of Flash is actually secure. But it does give protection against the damaging swf applets found previously. If you don't wish to accept any risks, disable the Flash Player plug-in in the add-on manager in Internet Explorer or, in Firefox, use the FlashBlock or NoScript extensions that prevent the automatic execution of Flash applets. Moreover, if Flash Player has not been uninstalled, you should at least import its current version 9.0.124.0 into every browser on the computer.

See also:

(mba)

Print Version | Send by email | Permalink: http://h-online.com/-735333
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit