Tuesday, September 14, 2010 1:28 PM
cmosby
More on New Zero Day Flaw in Adobe Flash Player – SANS Newsletter
--Zero-Day Flaw in Adobe Flash Player
(September 13, 2010)
Adobe is warning of a second zero-day vulnerability (see story below), this one in Adobe Flash Player. The critical flaw affects Flash Player
10.1.82.76 for Windows, Mac OS X, Linux, Solaris and Android, and is being actively exploited in Windows. As with the previously disclosed flaw in Reader, this vulnerability can be exploited to crash systems and possibly take control of them. Users can protect themselves from attacks by using Firefox with the NoScript add-on, which blocks Flash content but lets users provide a list of trusted websites that will be allowed to run Flash. Adobe plans to release a patch for the Flash vulnerability in two weeks, and to issue a fix for the zero-day flaw in Reader in three weeks.
Internet Storm Center: https://isc.sans.edu/diary.html?storyid=9544
http://www.theregister.co.uk/2010/09/13/adobe_flash_0day_vuln/
http://www.computerworld.com/s/article/9185218/Adobe_sounds_alarm_on_Flash_zero_day_attacks?taxonomyId=17
http://www.adobe.com/support/security/advisories/apsa10-03.html
Filed under: Security and Anti-Virus, Patch Management, Internet Hacks, Internet Applications, Spam\Phishing, Configuration Management, ConfigMgr, Enterprise Applications, Software Vulnerabilites, Adobe