Home | Blog | Software | Reviews and Features | Forum | Help | Donate | About us
topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • September 01, 2015, 11:29:06 PM
  • Proudly celebrating 10 years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: New Adobe Flash Player Security Exploit Reported Today (tuesday may 27)  (Read 5112 times)

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 34,976
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Donate to Member
This is a good reason to install a firefox extension that blocks Flash movies unless you specifically whitelist the website.  For example: NoScript or FlashBlock.

Quote
Exploits target new Adobe Flash bug

Symantec on Tuesday revealed that the latest version of the Adobe Flash Player contains an unpatched vulnerability that is being actively exploited.


housetier

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • default avatar
  • Posts: 1,321
    • View Profile
    • Donate to Member
I have been reluctant in the past to install yet another extension into my browser, but I am now adding flashblock to my list of extensions.

I wonder if I should get rid of the flash plugin altogether...

Grorgy

  • Supporting Member
  • Joined in 2007
  • **
  • default avatar
  • Posts: 821
    • View Profile
    • Donate to Member
Trouble is, if we start disabling or removing all the plugins and so on, we will end up browsing plain text, which may be nostalgic for some and safe, but ohh so dull.

Ehtyar

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 1,237
    • View Profile
    • Read more about this member.
    • Donate to Member
My experience with FlashBlock (up until about 6 months ago) was that flash movies would occasionally be loaded prior to FlashBlock disabling them. I believe it is not as deeply integrated into the browser as NoScript is, which is why i switched (plus j/s and xss protection etc), and have not had the same problem since. I would recommend NoScript over FlashBlock both for the additional functionality, and the seemingly tighter protection.

Ehtyar.
« Last Edit: May 27, 2008, 08:41:00 PM by Ehtyar »

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 8,858
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Donate to Member
Ehtyar: thanks for that word of warning, if it's not been fixed, that basically means FlashBlock is useless.

I never installed NoScript because I don't find flash to be that intrusive, as long as I'm running AdBlockPlus. I did consider it a few times, because I had the nagging feeling that sooner or later, somebody would find a 0day exploit for flash, and we'd be in royal trouble. But out of lazyness (whitlisting, *sigh*) I never did it.

Is the exploit that's now in the wild based on the NULL pointer exploit? Pretty nasty stuff.
- carpe noctem

Gothi[c]

  • DC Server Admin
  • Charter Honorary Member
  • Joined in 2006
  • ***
  • Posts: 857
    • View Profile
    • linkerror
    • Donate to Member
I have used noscript for a long time, to block flash and java. It's handy because you can whitelist sites or allow stuff on the fly. I only use it on my own computer now anymore though, because too many times my wife would not understand why sites did not function correctly. Even though she knew to click allow on the noscript button, sometimes you have to allow multiple sources etc... I imagine it can be a bit confusing for people that aren't much into computers.

Ehtyar

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 1,237
    • View Profile
    • Read more about this member.
    • Donate to Member
Ehtyar: thanks for that word of warning, if it's not been fixed, that basically means FlashBlock is useless.
...
Is the exploit that's now in the wild based on the NULL pointer exploit? Pretty nasty stuff.
And thank you for the technical info f0dder. Very interesting, not to mention fear-instilling.

Ehtyar.

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 8,858
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Donate to Member
I'm not sure if that's the exploit that's been used, but if so - then it's relatively old. No telling how long it's been silently exploited by 0-day blackhats before it reached the wild, though... banner ads are scary. One compromised banner ad server, and even the cleanest sites on the net can get you infected.
- carpe noctem

Lashiec

  • Member
  • Joined in 2006
  • **
  • Posts: 2,374
    • View Profile
    • Donate to Member
*sigh*, the never ending story with Flash. And they want people to disable ad blocking...

I wonder if Opera's FlashBlock also suffers from the same problem as its Firefox counterpart. Perhaps it's time to disable plugins EVERYWHERE... except in YouTube, of course :D
« Last Edit: May 29, 2008, 06:10:11 PM by Lashiec »

PhilB66

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 1,513
    • View Profile
    • Donate to Member

Lashiec

  • Member
  • Joined in 2006
  • **
  • Posts: 2,374
    • View Profile
    • Donate to Member
Well, it seems they already fixed it in the latest version, those are good news! :)

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 8,858
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Donate to Member
Well, it seems they already fixed it in the latest version, those are good news! :)
I'm keeping ScriptBlock, though :)
- carpe noctem