solarbird: (pindar-most-unpleasant)
solarbird ([personal profile] solarbird) wrote 2008-04-16 05:12 pm

Serious Flash Player bug/exploit - patch right now!

If you are unaware of this recently published Adobe Flash Player exploit, you need to update your version of the player in all browsers on all operating systems now. Here is Adobe's support bulletin, which includes instructions on how to update. This is not just a Windows exploit, or an Internet Explorer exploit; it exists in all versions of Flash Player and allows execution of arbitrary code. So far, only demonstration code is known to exist, so you have a window of opportunity to get your systems patched before Russian mobsters are p0wning your box.

If you don't know whether you have Flash player installed, you almost certainly do. If you've ever been to Homestar Runner to read Strongbad Email, for example, and seen anything at all, you have Flash player.

[identity profile] darkphoenixrisn.livejournal.com 2008-04-17 12:56 am (UTC)(link)
Thanks for letting me know. I just updated.

[personal profile] maellenkleth 2008-04-17 01:01 am (UTC)(link)
Thank you very much, ma'am!

eta: oh heh? would it be okay to borrow that snaggle-toothed icon?
Edited 2008-04-17 01:22 (UTC)

[personal profile] maellenkleth 2008-04-17 12:16 pm (UTC)(link)
oh, oh, OH.

thank you very much. as çayani sriþun go you are definitely okay.

[identity profile] cow.livejournal.com 2008-04-17 01:07 am (UTC)(link)
This'll be bonus fun on things like the Wii...

[identity profile] technoshaman.livejournal.com 2008-04-17 01:10 am (UTC)(link)
oh, jeez, has that thing got a Flash player in it?

[identity profile] cow.livejournal.com 2008-04-17 02:12 am (UTC)(link)
Yeah, as part of the Internet Channel (or whatever it's called); it has a build of Opera + Flash.

[identity profile] technoshaman.livejournal.com 2008-04-17 01:09 am (UTC)(link)
Gotta love that icon. Way more appropriate for serious pwnage like this than even Puffy the Blowfish.

Good luck with getting all your users updated.... I know I've a few chores ahead of me.... *sigh*

[identity profile] firni.livejournal.com 2008-04-17 03:26 am (UTC)(link)
If they use it to send pr0n, then it's REALLY a "flash" exploit.

kekeke

Thanks for the warning!

[identity profile] elfs.livejournal.com 2008-04-17 03:57 am (UTC)(link)
My favorite analysis of the analysis was "The evidence is now overwhelming that Mark Dowd was, in fact, sent back through time to kill the mother of the person who will grow up to challenge SkyNet." (http://www.matasano.com/log/1032/this-new-vulnerability-dowds-inhuman-flash-exploit/)

I have actually read the 26-page exploit report published by IBM's X division. It's quite scary. Anyone with a mind that twisted should not be allowed loose on the streets.

[identity profile] angharads-house.livejournal.com 2008-04-17 01:45 pm (UTC)(link)
Indeed a most interesting paper, and one which was delightfully comprehensible to someone who stopped trying to do Comp Sci well before the dawn of time (bailed at end of Spring Session 1977, holy cow, long time passing by).

Wish I had the dosh to sponsor an X-Prize for the development of a robust, secure, solar-rechargeable, portable personal satcomm unit -- an ansible without (sigh) quite the zero latency expected of ansibles.

Also wish I lived on Mars. But wait, we do, sort of....

Now have that part of IBM webspace bookmarked for future reference. Once again, yayness upon them.

Angharad
red-hat, as evidenced by intel photos from China, summer 2007