A number of readers have written in to warn us about a recent notification from Adobe/Macromedia regarding an unspecified number of vulnerabilities of some nature within pretty much every Flash execution engine you've heard of on all the platforms that support Flash; eg Windows and Macintosh running:
There are several other sources of "information" about this issue:
Secunia's Writeup, Microsoft's Writeup, and Macromedia's Writeup.
So, we know that it appears as if the arbitrary code you're running inside a flash file has the potential to escape the flash engine and obtain access to the host system. We know that updated versions of flash are available.
Microsoft's writeup also contains instructions on disabling the flash ActiveX control from executing. Firefox users could probably get away with using AdBlock to prevent "*.swf" files, although it's not necessary that
the malware end in ".swf".
We don't know much else. We don't know how it works. We don't know who's seen it, if anyone has.
Mar 15th 2006
1 decade ago