A recent vulnerability in the latest Adobe Flash version lead to a massive attack. More than 220000 pages on the Internet have been hacked most likely with an automated tool using a SQL injection attack. Those pages, some of well respected companies such as Nokia but also many non-profit organizations and town websites, redirect the user to websites that host the exploits for the Flash vulnerability.
If the system meets the requirements the exploit is used to download and execute trojans that steal information and droppers that download additional trojans. Information that are stolen are for example World of Warcraft account information while the droppers download files that add the computer to a botnet. (according to Trendmicro)
Most antivirus companies have already updated their software to disable the possibility that this exploit can be used on the computer the software is running on. Your best bet if you do not use antivirus software is to either disable Flash for now or use an extension like NoScript to block Flash on every domain but trusted ones.
Related posts:
New Information about latest Flash VulnerabilityAdobe Flash Player Clickjacking Vulnerability
Latest Firefox Web Browser Vulnerable to 0-Day Exploit
Flash Cookies explained
Are you running the latest browser version?
4 Responses to “Vulnerabilities in latest Flash version”
Trackbacks/Pingbacks
-
[...] the latest two versions of Adobe Flash was spreading like fire on the Internet yesterday. The Flash Vulnerability was used on specially prepared websites that would exploit the vulnerability to download [...]
I recommend flashblock :) it just targets flash
I recommend Firefox with noscript, it blocks all scripts from running, not just flash.
It’s actually not one but two latest versions
Adobe Flash Player 9.0.124.0
Adobe Flash Player 9.0.115.0
http://www.securityfocus.com/bid/29386/info