US CERT - Adobe Flash - SA08-149A

M

MEB

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

National Cyber Alert System
Cyber Security Alert SA08-149A


Exploitation of Adobe Flash Vulnerability

Original release date: May 28, 2008
Last revised: --
Source: US-CERT


Systems Affected

Microsoft Windows, Apple Mac OS X, and other operating systems that
use Adobe Flash Player


Overview

A vulnerability that affects Adobe Flash Player is being actively
exploited to install malicious software.


Solution

Apply Updates

Adobe has provided updates to remedy these vulnerabilities. To
obtain the updates, visit the Adobe Player Download Center.


Description

Adobe Flash Player is affected by multiple vulnerabilities. If you
open a malicious Flash file, which may be hosted on a website, an
attacker may be able to take control of your computer or cause it
to crash. The Adobe Security Bulletin provides updates that address
these vulnerabilities.

This issue was first published in US-CERT Cyber Security Alert
SA08-100A. However, recent reports indicate that at least one of
these vulnerabilities is being actively exploited at the time of
this document's publication.

For more technical information, see US-CERT Technical Cyber
Security Alert TA08-149A.


References

* US-CERT Technical Cyber Security Alert TA08-149A.html -
<http://www.us-cert.gov/cas/techalerts/TA08-149A.html>

* Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/>

* Adobe PSIRT Potential Flash Player Issue - update -

<http://blogs.adobe.com/psirt/2008/05/potential_flash_player_issue_u_1.html>

* Adobe Security Advisory APSB08-011 -
<http://www.adobe.com/support/security/bulletins/apsb08-11.html>

* Adobe Flash Player Download Center -
<http://www.adobe.com/go/getflash>

* US-CERT Vulnerability Notes for Adobe Security advisory APSB08-011
- <http://www.kb.cert.org/vuls/byid?searchview&query=APSB08-011>


____________________________________________________________________

The most recent version of this document can be found at:

<http://www.us-cert.gov/cas/alerts/SA08-149A.html>
____________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "SA08-149A Feedback VU#395473" in the
subject.
____________________________________________________________________

For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________

Produced 2008 by US-CERT, a government organization.

Terms of use:

<http://www.us-cert.gov/legal.html>
____________________________________________________________________


Revision History

May 28, 2008: Initial release



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBSD3lKHIHljM+H4irAQLdnQf9F4qCZzTjuL8nqz1Us5eYV50SMUcSMb0y
0+/TpgSNGCBiqZArimt1na5VHIBgeSpzFiWAXdpru+R5zjdK9Y/BVHT3f7v83oLT
o4MJD1cKXnJXSxMcG8x5WWFCl4XzHDPknBHK256MwYM5GQivBKYthoS6CTI+nVhv
rE24V9bbPwz6BaaCESfL30fwX+IM1R2Je9+hZAg8Kurb0uKkHKbNOB3Zgr2lrKWO
DHI3VESjHIqI1AxcE0uwl5M4UiEg8/L6bdqn1bWIKnc7FhmKOeDfwL52cStbTb8R
eAazTFgOvpm/07yLbfk99igygG2o5HEuJGQCnfTsdplCvvNQ5PMe5Q==
=BW2S
-----END PGP SIGNATURE-----
 
Back
Top Bottom