Time to disable Flash? Perhaps...
Friday, 13. November 2009, 03:35:54
Slashdot just linked to a Foreground Security article that describes an Adobe Flash attack from any domain that allows file uploads, and browsing of said content.
No patch from Adobe currently exists, and according to them:
Don't expect a fix from Adobe anytime soon.
Most frightening is the fact that the majority of Internet users have Adobe Flash installed and enabled -- which means all these users are vulnerable to this attack.
Ironically, the Foreground Security article includes a Flash tutorial video. Phishing anyone?
About the only mitigation factor is to disable Flash:
Good luck.
No patch from Adobe currently exists, and according to them:
"Unfortunately, there is no easy solution. This issue is very difficult to solve without also breaking existing, legitimate content elsewhere on the web."
Don't expect a fix from Adobe anytime soon.
Most frightening is the fact that the majority of Internet users have Adobe Flash installed and enabled -- which means all these users are vulnerable to this attack.
Ironically, the Foreground Security article includes a Flash tutorial video. Phishing anyone?
About the only mitigation factor is to disable Flash:
- If you use Opera, press [F12], uncheck "Enable plug-ins" -- until you actually need them.
- If you use Firefox, download and install the FlashBlock and NoScript extensions.
- Internet Explorer users should explore using Toggle Flash
Good luck.
![WalnutTree1[1].jpg](http://files.myopera.com/Lee_Harvey/albums/3090/thumbs/WalnutTree1%5B1%5D.jpg_thumb.jpg)
![FallenWalnut1[1].jpg](http://files.myopera.com/Lee_Harvey/albums/3090/thumbs/FallenWalnut1%5B1%5D.jpg_thumb.jpg)
WIDGETIZE