[juneau-lug] Re: Flash 9.0.115 and 9.0.124 vuln

• From: James Zuelow <e5z8652@xxxxxxxxxx>
• To: juneau-lug@xxxxxxxxxxxxx
• Date: Thu, 29 May 2008 09:02:03 -0800

On Wednesday 28 May 2008 06:20:46 am James Zuelow wrote:
> Starting yesterday there are reported vulnerabilities with the latest two
> versions of flash (and possibly earlier) that let an attacker execute code.
>
> So far nobody is saying anything about operating systems, and the
> information at isc.sans.org shows the exploit downloading exe files which
> points to Windows.  However I don't see anything saying it won't work on
> Linux.  Could very well be that the testers were using Windows and the
> exploit detected this and attacked accordingly.
>
> If you're paranoid, you might want to block *.swf at the firewall or proxy,
> or rename your flash plugins until more information comes in.

Turns out I'm more paranoid than I need to be -- this was exploiting the older 
Flash vulnerability that was fixed with 9.0.124.  So if you're up to date on 
your flash, you're good.

Also, I never did see anything that implied there was code for Linux users.  
However I did note that Apple's OSX security update for 9.0.124 came out JUST 
TODAY.  Wow.

Anyway, the weather-man says there is absolutely no reason to be thinking 
about Flash at all until next Tuesday!  Woo whoo!

James
------------------------------------
The Juneau Linux Users Group -- http://www.juneau-lug.org
This is the Juneau-LUG mailing list.
To unsubscribe, send an e-mail to juneau-lug-request@xxxxxxxxxxxxx with the 
word unsubscribe in the subject header.

• » [juneau-lug] Flash 9.0.115 and 9.0.124 vuln
• » [juneau-lug] Re: Flash 9.0.115 and 9.0.124 vuln

• » Related posts
• » Previous by Date
• » Next by Date
• » This Month's Archive
• » Main Archive Page

• » View list details
• » Manage your subscription