Security updates for Flash & Shockwave
Adobe has released security updates for Flash Player and Shockwave Player . The update deals with this security bulletin , a bug that an attacker may use to exploit older versions of the Flash Player, Shockwave Player, and/or Adobe Acrobat to take control of your computer system. An update for Acrobat Reader is expected before the month ends (Friday).
Adobe flash zero-day exploit underway
There is a previously unknown security vulnerability (thus, “zero-day”) in Adobe’s Flash Player that malware authors (“the bad guys”) are exploiting to infect computers that happen across infected sites (think mad pop-ups, password sniffers, keyloggers, viruses, trojans, data loss, endless headaches, etc.). Since Flash Player is extremely popular, everyone will probably be subject to this attack.
A report on SecurityFocus, a leading security-research website, reveals the widespread problem at hand:
Continued investigation reveals that this issue is fairly widespread. Malicious code is being injected into other third-party domains (approximately 20,000 web pages), most likely through SQL-injection attacks. The code then redirects users to sites hosting malicious Flash files exploiting this issue.
More information can be found at the following sites:
To prevent being exploited, you may wish to uninstall Adobe Flash Player from your computer until Adobe releases an update, or temporarily disable it with extensions such as NoScript for FireFox.