US-CERT Technical Cyber Security Alert TA08-100A -- Adobe Flash Updates for Multiple Vulnerabilities

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

        National Cyber Alert System
   
    Technical Cyber Security Alert TA08-100A


Adobe Flash Updates for Multiple Vulnerabilities

   Original release date: April 9, 2008
   Last revised: --
   Source: US-CERT

Systems Affected

     * Adobe Flash Player 9.0.115.0 and earlier
     * Adobe Flash Player 8.0.39.0 and earlier

Overview

   Adobe  has  released  Security  advisory APSB08-11 to address multiple
   vulnerabilities  affecting  Adobe  Flash.  The  most  severe  of these
   vulnerabilities  could  allow  a  remote attacker to execute arbitrary
   code.

I. Description

   Adobe   Security   Advisory   APSB08-011   addresses   a   number   of
   vulnerabilities   affecting  the  Adobe  Flash  player.  Flash  player
   versions  9.0.115.0 and earlier and 8.0.39.0 and earlier are affected.
   Further  details  are  available  in  the  US-CERT Vulnerability Notes
   Database.

   An  attacker  could exploit these vulnerabilities by convincing a user
   to  visit a website that hosts a specially crafted SWF file. The Adobe
   Flash  browser  plugin  is  available  for  multiple  web browsers and
   operating systems, any of which could be affected.

II. Impact

   The  impacts  of  these vulnerabilities vary. The most severe of these
   vulnerabilities  allows a remote attacker to execute arbitrary code or
   conduct cross-site scripting attacks.

III. Solution

Apply Updates

   Check with your operating system vendor for patches or updates. If you
   get  the  flash  player  from  Adobe, see the Adobe Get Flash page for
   information about updates.

Restrict access

   These  vulnerabilities  can be mitigated by disabling the Flash plugin
   or  by  using  the  NoScript  extension to whitelist websites that can
   access   the   Flash  plugin.  For  more  information  about  securely
   configuring  web  browsers,  please  see the Securing Your Web Browser
   document.

IV. References

 * Adobe Security Advisory APSB08-011 -
   <http://www.adobe.com/support/security/bulletins/apsb08-11.html>
     
 * Adobe Flash Player Download Center -
   <http://www.adobe.com/go/getflash>
     
 * Understanding Flash Player 9 April 2008 Security Update
   compatibility -
   <http://www.adobe.com/devnet/flashplayer/articles/flash_player9_security_update.html>

 * US-CERT Vulnerability Notes for Adobe Security advisory APSB08-011 - 
   <http://www.kb.cert.org/vuls/byid?searchview&query=APSB08-011>
     
 * Securing Your Web Browser -
   <http://www.us-cert.gov/reading_room/securing_browser/>

 _________________________________________________________________

  The most recent version of this document can be found at:

    <http://www.us-cert.gov/cas/techalerts/TA08-100A.html>
 _________________________________________________________________

  Feedback can be directed to US-CERT Technical Staff. Please send
  email to <cert@xxxxxxxx> with "TA08-100A Feedback VU#347812" in the
  subject.
 _________________________________________________________________

  For instructions on subscribing to or unsubscribing from this
  mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
 _________________________________________________________________

  Produced 2008 by US-CERT, a government organization.

  Terms of use:

    <http://www.us-cert.gov/legal.html>
 ____________________________________________________________________

   Revision History

   April 9, 2008: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBR/zdXPRFkHkM87XOAQIR+ggAk0+t7keRs7OzyAsdG12UtFjyxheeX9Xi
Zl5UNxlnrUIAxe4eO0ySC+7TQm1MaJrBW2yWN7nbtf0pMGRfSudG78kv2KdVqT4o
SIrFhxIW+a4g2bFh56TEhZGRitMI+Yg3P0YyDA//svYvAQTXoEnBM0I4TBEYkb5C
d2X5O6cEJHpdz6yTlox0lnQb5fkpVsqGqnzagWtBAufEA482e1LeRiz/ehSs/SRa
iSbkadW30ZStsrRIrF1E7QRS1BF1QZ96C/5pgxl44zBb4d4+Dhjkk21S0hUjI/hm
FFKom4BrBaON+dRpsAWTDwxhM0Dib3YfskvKrdNic+lQ5ow/Mnp0Pg==
=SC0g
-----END PGP SIGNATURE-----

[Index of Archives]     [Fedora Announce]     [Linux Crypto]     [Kernel]     [Netfilter]     [Bugtraq]     [USB]     [Fedora Security]

  Powered by Linux