[juneau-lug] Flash 9.0.115 and 9.0.124 vuln
- From: James Zuelow <e5z8652@xxxxxxxxxx>
- To: juneau-lug@xxxxxxxxxxxxx
- Date: Wed, 28 May 2008 06:20:46 -0800
Starting yesterday there are reported vulnerabilities with the latest two
versions of flash (and possibly earlier) that let an attacker execute code.
So far nobody is saying anything about operating systems, and the information
at isc.sans.org shows the exploit downloading exe files which points to
Windows. However I don't see anything saying it won't work on Linux. Could
very well be that the testers were using Windows and the exploit detected
this and attacked accordingly.
If you're paranoid, you might want to block *.swf at the firewall or proxy, or
rename your flash plugins until more information comes in.
I know my kids LOVE flash gaming sites, which seems like it would be a natural
vector for such stuff. Kids are very likely to ignore odd things happening
and just log back into a site if something goes awry while they're playing
club penguin...
Anyhow.
James
------------------------------------
The Juneau Linux Users Group -- http://www.juneau-lug.org
This is the Juneau-LUG mailing list.
To unsubscribe, send an e-mail to juneau-lug-request@xxxxxxxxxxxxx with the
word unsubscribe in the subject header.
Other related posts:
