Tuesday, July 17, 2007

Adobe Flash Browser Plugin High Risk Vulnerability

Yesterday, Adobe announced a vulnerability in its flash player that could be exploited to run arbitrary code. This vulnerability is cross browser and cross platform and the vulnerable software is installed by default on all recent copies of Windows and OS X.

All users who allow flash content in their browsers are at risk.

This morning we saw the first proof-of-concept exploit, which we fully expect to be the tip of the iceberg. Its likely that we'll see mass exploitation in the next few days..

To protect yourself, the best thing to do is to upgrade your flash plugin to 9.0.47.0 or later. If you use FireFox, the NoScript plugin will prevent flash content from running unless you specifically trust the source or grant it temporary permission. NoScript can be annoying, but its an extremely valuable tool in combatting malicious websites.

And, of course, make sure you're running gateway and desktop antivirus and intrusion prevention products that are up-to-date.

We'll keep you posted as we see more.

Note from the sponsor: eSoft's Gateway AntiVirus and Intrusion Prevention Softpaks provide full protection for this vulnerability and provided that protection starting shortly after the announcement of the vulnerability and well before any exploits became public.

No comments: