Adobe Flash Player Zero-Day Vulnerability
GSA Reference Number: AD080528-01
Simply Put: Adobe’s Flash Player has a new, zero-day vulnerability. Zero-day means the vulnerability is already being exploited on the internet and no patch is available, so every installed copy of Flash Player is currently exposed. Adobe Flash Player is the browser plugin that displays Flash files (.swf) embedded in web pages; these files are normally seen as movies or animations. A malicious .swf can exploit the vulnerability to run attacker-supplied code on the user’s machine with no prompt or permission, as soon as the page carrying it is viewed. Gladiator feels this issue is extremely critical.
Attack Details: Adobe has not yet published details. Initial reports name version 9.0.124.0 as vulnerable; other versions may also be affected, so treat every installed Flash Player as exposed until Adobe confirms otherwise.
Countermeasures: Until a patch ships, remind users not to visit untrusted websites or click links to pages they have never visited. Keep checking the links below for news of a patch; once one is available, make sure every user in the organization installs it. Check all servers and critical workstations and uninstall Flash wherever it is not required; removing the plugin is the only complete protection while no patch exists.
If you are using Mozilla Firefox, Gladiator suggests installing the NoScript extension. NoScript blocks all scripts and active content, including Flash, unless you explicitly allow them for each site, so a malicious .swf cannot run without the user’s permission. The link is included below for your convenience. Gladiator is not aware of an Internet Explorer plugin with these capabilities.
Update [May 28, 2008]: Gladiator has started blocking, for our IPS (intrusion prevention system) customers, all Flash content that triggers this vulnerability. No additional customer action is necessary to enable this protection. Standard Flash content will not be blocked.
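For sites without an IPS signature, the coarser interim measure is to block all Flash content at the web proxy or mail gateway until the patch is deployed, in line with the advice above to remove Flash wherever it is not needed. The script below is an added example, not code from this advisory or from any IPS product: it recognises SWF files by their header (the FWS/CWS signature, the version byte and the declared uncompressed length) rather than by file extension or Content-Type, so a renamed or mislabelled Flash file is still caught. The sample bodies and the filter_decision policy are constructed for illustration.

```python
"""Identify Flash (SWF) content by its file header rather than by URL or
Content-Type, so a proxy or mail gateway can block it during the
unpatched window regardless of how the file is named.

Added example, not part of the Gladiator advisory. The sample bodies
below are constructed; FILLER approximates the layout of a minimal SWF
body but is not meant to be a playable movie.
"""
import struct
import zlib

# Every SWF starts with a three-byte signature: "FWS" for uncompressed
# files, "CWS" for files whose body (everything after byte 8) is zlib
# compressed. Byte 3 is the SWF format version; bytes 4..7 hold the
# uncompressed file length, header included, as a little-endian uint32.
SIGNATURES = {b"FWS": "uncompressed", b"CWS": "zlib"}
HEADER_LEN = 8


def inspect_swf(data: bytes):
    """Return a dict describing the SWF header, or None if data is not SWF."""
    if len(data) < HEADER_LEN or data[:3] not in SIGNATURES:
        return None
    compression = SIGNATURES[data[:3]]
    version = data[3]
    declared_len = struct.unpack("<I", data[4:HEADER_LEN])[0]
    body = data[HEADER_LEN:]
    if compression == "zlib":
        try:
            body = zlib.decompress(body)
        except zlib.error:  # truncated or corrupt stream: still SWF, not well formed
            return {"compression": compression, "version": version,
                    "declared_len": declared_len, "well_formed": False}
    well_formed = (HEADER_LEN + len(body)) == declared_len
    return {"compression": compression, "version": version,
            "declared_len": declared_len, "well_formed": well_formed}


def filter_decision(content_type: str, body: bytes) -> str:
    """Interim blanket policy (constructed for this example): deny anything
    that is SWF by header or that the server declares as Flash, allow the rest."""
    if content_type.lower().startswith("application/x-shockwave-flash"):
        return "block"
    if inspect_swf(body) is not None:
        return "block"
    return "allow"


# Constructed samples. FILLER follows the shape of a minimal SWF body
# (frame-size RECT, frame rate, frame count, End tag) and is used here
# purely as filler inside both container forms.
FILLER = (b"\x78\x00\x05\x5f\x00\x00\x0f\xa0\x00"  # RECT
          + b"\x00\x0c"                            # frame rate
          + b"\x01\x00"                            # frame count
          + b"\x00\x00")                           # End tag
UNCOMPRESSED_SWF = b"FWS" + bytes([9]) + struct.pack("<I", HEADER_LEN + len(FILLER)) + FILLER
COMPRESSED_SWF = b"CWS" + bytes([9]) + struct.pack("<I", HEADER_LEN + len(FILLER)) + zlib.compress(FILLER)
TRUNCATED_SWF = COMPRESSED_SWF[:-6]            # cut mid-stream, as a broken download would be
GIF = b"GIF89a" + b"\x01\x00\x01\x00" + b"\x00" * 6  # a real image header, for contrast

if __name__ == "__main__":
    for name, ctype, body in [
        ("logo.gif served as image/gif but really SWF", "image/gif", COMPRESSED_SWF),
        ("genuine GIF", "image/gif", GIF),
        ("truncated CWS, declared as octet-stream", "application/octet-stream", TRUNCATED_SWF),
    ]:
        print(name, "->", filter_decision(ctype, body), inspect_swf(body))
```

The header check is deliberately independent of the Content-Type and the file name because an attacker controls both; the well_formed flag is informational and a gateway applying this policy blocks SWF whether or not it parses cleanly.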
Update [May 29, 2008]: Adobe has released more information on this vulnerability. Contrary to the initial report above, this bug was fixed in Adobe Flash Player 9.0.124.0; all prior versions of Flash Player are still vulnerable. Gladiator recommends that all institutions upgrade to Adobe Flash Player 9.0.124.0 as soon as possible and verify the installed version on every machine afterwards. The link to the latest version is below.
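To find the machines that still need the upgrade, compare each reported Flash Player version against 9.0.124.0 as a numeric four-part version rather than as a string (a string comparison would sort "9.0.47.0" after "9.0.124.0"). The script below is an added example, not part of the Gladiator advisory; the inventory it reads is constructed and would in practice come from your asset-management or patch-management export. It accepts both the dotted form and the comma form Flash reports to the browser, and keeps machines that report no version in a separate bucket instead of silently passing them as safe.

```python
"""Triage an endpoint inventory against the fixed Flash Player build.

Added example, not part of the Gladiator advisory. INVENTORY is constructed;
hostnames and version strings are illustrative only.
"""
import re

FIXED = (9, 0, 124, 0)  # first build reported as not vulnerable


def parse_version(text: str):
    """Return a 4-tuple of ints, or None if the string carries no version.

    Accepts "9.0.124.0", "9.0.124" (padded with zeros) and the comma form
    Flash itself reports, e.g. "WIN 9,0,124,0" (the platform prefix is ignored).
    """
    parts = re.findall(r"\d+", text or "")
    if not parts:
        return None
    nums = [int(p) for p in parts[:4]]
    return tuple(nums + [0] * (4 - len(nums)))


def is_vulnerable(text: str) -> bool:
    """True if the reported version is older than FIXED.

    Raises ValueError when no version is present so callers must handle
    'unknown' explicitly rather than treating it as patched.
    """
    version = parse_version(text)
    if version is None:
        raise ValueError("no version in %r" % text)
    return version < FIXED


def triage(inventory):
    """Split (host, version_string) pairs into upgrade / ok / unknown lists."""
    result = {"upgrade": [], "ok": [], "unknown": []}
    for host, version in inventory:
        try:
            result["upgrade" if is_vulnerable(version) else "ok"].append(host)
        except ValueError:
            # Flash may be absent, or the inventory agent may have failed:
            # either way this host needs a manual check, not a green tick.
            result["unknown"].append(host)
    return result


# Constructed sample inventory (hypothetical hosts).
INVENTORY = [
    ("ws-101", "WIN 9,0,124,0"),
    ("ws-102", "9.0.115.0"),
    ("ws-103", "9.0.47.0"),
    ("ws-104", "MAC 9,0,124,0"),
    ("srv-db01", ""),  # nothing reported
]

if __name__ == "__main__":
    for bucket, hosts in triage(INVENTORY).items():
        print("%-8s %s" % (bucket, ", ".join(hosts) or "-"))
```

Hosts in the unknown bucket deserve a visit: on a server it usually means Flash was never installed, which is the desired state, but it can also mean the inventory agent is broken on a machine that does have an old plugin.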
Reference Links:
- SecurityFocus Advisory, BID 29386 (http://www.securityfocus.com/bid/29386)
- Secunia Advisory (http://secunia.com/advisories/30404/)
- Adobe Security Post (http://blogs.adobe.com/psirt/2008/05/potential_flash_player_issue.html)
- US-CERT Vulnerability Note (http://www.kb.cert.org/vuls/id/395473)
- Firefox NoScript Plugin (http://noscript.net/)
- Adobe Flash Player Latest Version (http://www.adobe.com/shockwave/download/download.cgi?P1_Prod_Version=ShockwaveFlash)