SANS ISC: Critical vulnerabilities in Adobe Flash Player

• SANS Site Network
  • Current Site
  • SANS Internet Storm Center
  • Other SANS Sites Help
  • Graduate Degree Programs
  • Security Training
  • Security Certification
  • Security Awareness Training
  • Penetration Testing
  • Industrial Control Systems
  • Cyber Defense Foundations
  • DFIR
  • Software Security
  • Government OnSite Training

SANS ISC InfoSec Forums

Adobe has released a security bulletin today, APSB08-11, to address multiple vulnerabilities in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, that could lead to the potential execution of arbitrary code remotely. Additionally the update includes DNS rebinding attack and cross-domain policy countermeasures.

It is strongly recommended to update to the newest Adobe Flash Player version, 9.0.124.0!

Please, check your current Adobe Flash Player version on the "about" page (before and after applying the update), and run the test with all your Web browsers, such as IE (ActiveX control), Firefox and Safari. Each browser may have access to a different version and require a separate installation method. Specific instructions to update each OS and/or browser are available here, and remember you may require administrative access to your computer and restart your browser.

If you are a developer, check Adobe's warning about potential compatibility issues introduced by this update:
Due to the possibility that these security enhancements and changes may impact existing Flash content, content developers are advised to review this March 2008 Adobe Developer Center article to determine if the changes will affect their content, and to begin implementing necessary changes immediately to help ensure a seamless transition.

CVE's: CVE-2007-5275, CVE-2007-6243, CVE-2007-6637, CVE-2007-6019, CVE-2007-0071, CVE-2008-1655, CVE-2008-1654

--
Raul Siles
www.raulsiles.com