M
MEB
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
National Cyber Alert System
Cyber Security Alert SA08-149A
Exploitation of Adobe Flash Vulnerability
Original release date: May 28, 2008
Last revised: --
Source: US-CERT
Systems Affected
Microsoft Windows, Apple Mac OS X, and other operating systems that
use Adobe Flash Player
Overview
A vulnerability that affects Adobe Flash Player is being actively
exploited to install malicious software.
Solution
Apply Updates
Adobe has provided updates to remedy these vulnerabilities. To
obtain the updates, visit the Adobe Player Download Center.
Description
Adobe Flash Player is affected by multiple vulnerabilities. If you
open a malicious Flash file, which may be hosted on a website, an
attacker may be able to take control of your computer or cause it
to crash. The Adobe Security Bulletin provides updates that address
these vulnerabilities.
This issue was first published in US-CERT Cyber Security Alert
SA08-100A. However, recent reports indicate that at least one of
these vulnerabilities is being actively exploited at the time of
this document's publication.
For more technical information, see US-CERT Technical Cyber
Security Alert TA08-149A.
References
* US-CERT Technical Cyber Security Alert TA08-149A.html -
<http://www.us-cert.gov/cas/techalerts/TA08-149A.html>
* Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/>
* Adobe PSIRT Potential Flash Player Issue - update -
<http://blogs.adobe.com/psirt/2008/05/potential_flash_player_issue_u_1.html>
* Adobe Security Advisory APSB08-011 -
<http://www.adobe.com/support/security/bulletins/apsb08-11.html>
* Adobe Flash Player Download Center -
<http://www.adobe.com/go/getflash>
* US-CERT Vulnerability Notes for Adobe Security advisory APSB08-011
- <http://www.kb.cert.org/vuls/byid?searchview&query=APSB08-011>
____________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/alerts/SA08-149A.html>
____________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "SA08-149A Feedback VU#395473" in the
subject.
____________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________
Produced 2008 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
May 28, 2008: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBSD3lKHIHljM+H4irAQLdnQf9F4qCZzTjuL8nqz1Us5eYV50SMUcSMb0y
0+/TpgSNGCBiqZArimt1na5VHIBgeSpzFiWAXdpru+R5zjdK9Y/BVHT3f7v83oLT
o4MJD1cKXnJXSxMcG8x5WWFCl4XzHDPknBHK256MwYM5GQivBKYthoS6CTI+nVhv
rE24V9bbPwz6BaaCESfL30fwX+IM1R2Je9+hZAg8Kurb0uKkHKbNOB3Zgr2lrKWO
DHI3VESjHIqI1AxcE0uwl5M4UiEg8/L6bdqn1bWIKnc7FhmKOeDfwL52cStbTb8R
eAazTFgOvpm/07yLbfk99igygG2o5HEuJGQCnfTsdplCvvNQ5PMe5Q==
=BW2S
-----END PGP SIGNATURE-----
Hash: SHA1
National Cyber Alert System
Cyber Security Alert SA08-149A
Exploitation of Adobe Flash Vulnerability
Original release date: May 28, 2008
Last revised: --
Source: US-CERT
Systems Affected
Microsoft Windows, Apple Mac OS X, and other operating systems that
use Adobe Flash Player
Overview
A vulnerability that affects Adobe Flash Player is being actively
exploited to install malicious software.
Solution
Apply Updates
Adobe has provided updates to remedy these vulnerabilities. To
obtain the updates, visit the Adobe Player Download Center.
Description
Adobe Flash Player is affected by multiple vulnerabilities. If you
open a malicious Flash file, which may be hosted on a website, an
attacker may be able to take control of your computer or cause it
to crash. The Adobe Security Bulletin provides updates that address
these vulnerabilities.
This issue was first published in US-CERT Cyber Security Alert
SA08-100A. However, recent reports indicate that at least one of
these vulnerabilities is being actively exploited at the time of
this document's publication.
For more technical information, see US-CERT Technical Cyber
Security Alert TA08-149A.
References
* US-CERT Technical Cyber Security Alert TA08-149A.html -
<http://www.us-cert.gov/cas/techalerts/TA08-149A.html>
* Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/>
* Adobe PSIRT Potential Flash Player Issue - update -
<http://blogs.adobe.com/psirt/2008/05/potential_flash_player_issue_u_1.html>
* Adobe Security Advisory APSB08-011 -
<http://www.adobe.com/support/security/bulletins/apsb08-11.html>
* Adobe Flash Player Download Center -
<http://www.adobe.com/go/getflash>
* US-CERT Vulnerability Notes for Adobe Security advisory APSB08-011
- <http://www.kb.cert.org/vuls/byid?searchview&query=APSB08-011>
____________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/alerts/SA08-149A.html>
____________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "SA08-149A Feedback VU#395473" in the
subject.
____________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________
Produced 2008 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
May 28, 2008: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBSD3lKHIHljM+H4irAQLdnQf9F4qCZzTjuL8nqz1Us5eYV50SMUcSMb0y
0+/TpgSNGCBiqZArimt1na5VHIBgeSpzFiWAXdpru+R5zjdK9Y/BVHT3f7v83oLT
o4MJD1cKXnJXSxMcG8x5WWFCl4XzHDPknBHK256MwYM5GQivBKYthoS6CTI+nVhv
rE24V9bbPwz6BaaCESfL30fwX+IM1R2Je9+hZAg8Kurb0uKkHKbNOB3Zgr2lrKWO
DHI3VESjHIqI1AxcE0uwl5M4UiEg8/L6bdqn1bWIKnc7FhmKOeDfwL52cStbTb8R
eAazTFgOvpm/07yLbfk99igygG2o5HEuJGQCnfTsdplCvvNQ5PMe5Q==
=BW2S
-----END PGP SIGNATURE-----