New flash exploit : PROTECT YOURSELF
#1
Posted 22 August 2008 - 01:51 PM
Thanks to diemos for notification of this. http://secwatch.org/...sories/1021314/
There is another flash exploit currently unpatched with the Adobe Flash Player.
Users without protection are vulnerable to this exploit.
To protect yourself, please follow this guide first of all to get necessary browser changes: http://forums.window...showtopic=11323
Once you are booted into Firefox with NoScript:
Right click NoScript Icon in bottom right corner -> Options -> Plugins tab
Put a checkbox on "Apply these restrictions to trusted sites too"
This will block Iframes and Flash on EVERY website, even trusted ones, allowing normal javascript to run so the site functions but blocking flash/iframes to only run when you specifically allow them for this browsing session.
Any site using flash (i.e. YouTube) will simply have a box with the NoScript icon that you can click to show it.
This will protect you from the new exploit as long as you don't retardedly run a flash file that you shouldn't be.

#2
Posted 22 August 2008 - 08:16 PM
Time to change the password again..... ; ;
#3
Posted 27 August 2008 - 11:33 PM
Is there any antivirus currently capable of catching the infections this causes?
I'd like to scan just to be safe. . . but I'm unsure of where to start.
Lordwafik regarding an account used to post supportive comments in a background check thread when Futchy tried to apply to an LS on another server said:
.. Arivale :: Asura :: THF :: MNK :: BRD .... January 28th - Brd 13 :: Febuary 23rd - Brd 75 ..
.. March 6th - Capped EXP, Wind 8/8, Singing 8/8, 5/5 Lullaby, 5/5 Minuet, Troubadour 1/5, Nightingale 1/5 ..
.. I am clearly trolling. ..
Rhadamantis said:
#4
Posted 28 August 2008 - 04:36 PM
Not sure if any AV is grabbing either one yet, but the ffxiatlas one should be detected by now, since it's just a variant of an older virus from a few months ago.
#5
Posted 28 August 2008 - 05:40 PM
souleman, on Aug 28 2008, 10:36 PM, said:
Not sure if any AV is grabbing either one yet, but the ffxiatlas one should be detected by now, since it's just a variant of an older virus from a few months ago.
This flash exploit can come from any website atm?
I don't go anywhere besides here, KI, FFXIAH, and FFXIWiki, or BG sometimes ... and I'm on Vista with FF3.1 and I noscript selectively. But noscript is fucking obnoxious and I end up allowing globally because allowing just on the one site seems to not restore functionality to some sites.
#6
Posted 28 August 2008 - 09:10 PM
#7
Posted 11 September 2008 - 01:24 PM
First thing that caught my attention is that the secwatch advisory was issued in May.
I googled the vulnerability, and SecurityFocus says that the advisory is retired:
http://www.securityf...d/29386/discuss
Even Adobe says so:
http://blogs.adobe.com/psirt/2008/05/poten...ayer_issue.html
http://blogs.adobe.com/psirt/2008/05/poten..._issue_u_1.html
http://blogs.adobe.com/psirt/2008/05/more_...recent_fla.html
http://www.adobe.com/support/security/bull.../apsb08-11.html
Unless the advisory on SecWatch is talking about something else. And one interesting thing is, the homepage of Secwatch is last updated on 28th May, 2008?
#8
Posted 11 September 2008 - 02:02 PM
shermie, on Sep 11 2008, 02:24 PM, said:
First thing that caught my attention is that the secwatch advisory was issued in May.
I googled the vulnerability, and SecurityFocus says that the advisory is retired:
http://www.securityf...d/29386/discuss
Even Adobe says so:
http://blogs.adobe.com/psirt/2008/05/poten...ayer_issue.html
http://blogs.adobe.com/psirt/2008/05/poten..._issue_u_1.html
http://blogs.adobe.com/psirt/2008/05/more_...recent_fla.html
http://www.adobe.com/support/security/bull.../apsb08-11.html
Unless the advisory on SecWatch is talking about something else. And one interesting thing is, the homepage of Secwatch is last updated on 28th May, 2008?
You sure the May 28th one isn't for the previous Flash exploit from around that time?
#9
Posted 12 September 2008 - 01:27 AM
- This is not a zero-day exploit. Despite various reports that have been circulating, the Flash Player Standalone 9.0.124.0 and Linux Player 9.0.124.0 are NOT vulnerable to the exploits discussed in conjunction with the previously disclosed vulnerability Symantec posted on 5/27/08. Symantec originally believed this to be a zero-day, unpatched vulnerability, but as their latest update on their Threatcon page indicates, they have now confirmed this issue does not affect any versions of Flash Player 9.0.124.0.
I cannot be exactly sure if the advisory on SecWatch is referring to the same issue or not, however:
1. The SecWatch advisory is vague, and it didn't provide much information. (e.g. links to CERT, Symantec, etc.)
2. The SecWatch website has had NO updates for 3 months now.
3. I cannot find any new advisories concerning Adobe Flash on CERT, Symantec, Adobe, and SecurityFocus since May 2008.
4. I am unconvinced that Adobe will leave such a vulnerability unpatched for MONTHS if the exploit is, as the advisory put it, "reportedly being exploited in the wild". Even Microsoft would have done something by now.
5. Adobe said the vulnerability is patched.
Given the above reasons, I believe the current version of Adobe Flash Player is safe. I could be wrong of course. That's why I made the post and I hope Aikar or other admins/professionals can confirm my findings or point out if there is anything I missed.
#10
Posted 12 September 2008 - 10:35 PM
I got a laptop from work today for free, because the hard drive was dead.
I downloaded ubuntu, I only the laptop off a live CD. How great is that!
This post has been edited by ginger: 12 September 2008 - 10:35 PM