Monday, June 7, 2010

Patch Your Flash!

Blizzard has released an advisory warning all players to update their Adobe Flash Player.  Adobe Flash Player 10.0.45.2 has a vulnerability that may allow an attacker to take control of your machine.

LUCYTR: A critical vulnerability has been discovered in Adobe Flash Player 10.0.45.2 and Adobe Reader/Acrobat 9.x, and could potentially be used to target World of Warcraft players and accounts. The newest available version of Adobe Flash 10.1, Release Candidate 7 (available at http://labs.adobe.com/technologies/flashplayer10/), does not appear to contain this vulnerability, and we recommend that everyone upgrade their Flash player as soon as possible. Earlier versions of Adobe Reader and Acrobat, specifically version 8.x, do not appear to contain this vulnerability, either. 
Adobe reports that it has seen evidence of this vulnerability already being exploited.

Although the technical details are still sketchy, it is likely to require a specially crafted flash or PDF file to trigger the vulnerability.  We have seen this type of attack on Adobe flash before - where you can be infected by a keylogger/trojan by simply visiting a legitimate web page that renders this malicious code or redirects to a malicious site containing the code.

Unfortunately, Adobe don't seem to have this fix on their auto-update system so be sure to visit Adobe's Security Page and patch your machine with v10.1 today.

No comments:

Post a Comment