Slashdot Mirror

← Back to Stories (view on slashdot.org)

Adobe Flash Zero-Day Attack Underway

Posted by kdawson on from the gone-in-a-flash dept.

Robellus writes "Security researchers have found evidence of a previously unknown Adobe Flash vulnerability being exploited in the wild. The zero-day flaw has been added to the Chinese version of the MPack exploit kit and there are signs that the exploits are being injected into third-party sites to redirect targets to malware-laden servers. From the article: 'Continued investigation reveals this issue is fairly widespread. Malicious code is being injected into other third-party domains (approximately 20,000 web pages) most likely through SQL-injection attacks. The code then redirects users to sites hosting malicious Flash files exploiting this issue.'"

4 of 246 comments (clear)

  1. Re:And people by pizzach · · Score: 4, Interesting

    Even if the current version in your distribution's repositories is not able to play YouTube videos, the cvs version at least can. I remember reading somewhere that getting and keeping YouTube movies playable was a top priority.

    --
    Once you start despising the jerks, you become one.
  2. Flash dependent sites by Mathinker · · Score: 5, Interesting

    > That's what temporary permissions are for.

    Yes, I use them all the time, but what does that really mean? After I temporarily enable Flash/JS malware for a badly designed site which is just not viewable without them, I'm not going to get temporarily "pwned". It's already "game over".

    Except for times like this, if the choice is enabling JS/Flash, or not getting information I was interested in, my thirst for information wins, all other things being equal (i.e., the URL looks like a legitimate one, etc.)

    I never enable JS or Flash in order to see sites which I get to through advertisements, however.

  3. Re:SNAFU by gaspyy · · Score: 4, Interesting

    Intentionally or not - you're trolling.

    1. Adobe Reader 8 launches almost instantly for me after the first run, when it optimizes its launch (and I always disable the startup option). Version 6 was awful but things have changed. I do agree that it's bloated (over 200Mb) but I had problems displaying complex/cmyk docs in Foxit. YMMV.

    2. Flash - use AdBlock. The technology is not at fault as flash is pretty lightweight itself. It's the advertisers who think I'll click their stupid ads if they add annoying sounds and the webmasters who think that by cramming more ads there's a better chance of me clicking on one.

    3. The update agent is slow 'cause it downloads only when the connection is idle. I do agree that it's annoying for it to ask to close almost all programs when updating.

    5. You do realize that camera and mic are turned off by default, don't you? You need to expressly enable them on a site-by-site basis.

    So there you have it.

    That's not to say that I don't hate Adobe myself for other things:
    - activation is a pain in the ass, especially if you don't get the chance to deactivate the software first from the old computer and activate on the new one (happened to me after a hdd crash).
    - the software is artificially segmented in some cases, e.g. Premiere and After Effects should be one software, or Illustrator and Indesign (CorelDraw acts as a combination between the two).

  4. Re:And people by aliquis · · Score: 4, Interesting

    If only that video-in-webpages-standard was implemented (is in Safari now) and used it would be so sweet to just remove that flashcrap alltogether. Too bad on webpages made only in flash but well, those suck anyway =P