Tag: arbitrary code execution

Time to update Adobe Flash Player 10.0.22.87

Paul

Adobe has issued a patch for some of the exploits in the wild. This should be installed on any system that isn’t up to the date with Adobe’s player. If you want to check your systems version you can go here and it will tell you what your version is and what the current version is.

If it doesn’t look like this:

adobe1002287

[ad#ad2-right]Then your on the wrong website.   According to Adobe this fixes CVE-2009-0519, CVE-2009-0520, CVE-2009-0522, CVE-2009-0114, CVE-2009-0521.

This update resolves a buffer overflow issue that could potentially allow an attacker to execute arbitrary code. (CVE-2009-0520)

This update resolves an input validation issue that leads to a Denial of Service (DoS); arbitrary code execution has not been demonstrated, but may be possible. (CVE-2009-0519)

An update to the Flash Player settings manager display page on Adobe.com has been deployed to avoid a potential Clickjacking issue variant for Flash Player. The Settings Manager is a special control panel that runs on your local computer but is displayed within and accessed from the Adobe website. (CVE-2009-0114)

This update resolves a Windows-only issue with mouse pointer display that could potentially contribute to a Clickjacking attack. (CVE-2009-0522)

This update prevents a potential Linux-only information disclosure issue in the Flash Player binary that could lead to privilege escalation. (CVE-2009-0521)

[Via Adobe Website]

Although this is due to the problem with the exploits in the Windows environment, this however won’t stop virus writers from using this exploit for the Macintosh and Linux Distro’s.  This should be updated on there system also.

Apple’s Not immune after all

Paul

In a recent post from the San Internet Storm Center:

Apple

[ad#ad2-right]Apple has said they will not say yes or no to this report and that they will be investigating this fully. I’ve been saying Apple needs to get it’s head out of the sand. According to Apple these effect both Mac’s and Microsoft so they are a software related vulnerability. Soon or later someone will want to create a botnet and infect Macintosh’s with virus or even a worm just to show apple that they could. In a recent article from PcWorld, They talk about a Trojan called OSX.RSPlug.D. This will just increase the fact that they are going to start targeting a OSX because of the lack security. Apple, Needs to get it together and start patching just as much as Microsoft.

In Any case It is time to update the software and maybe think about installing anti-virus software also.  Although the Mpeg-2 Playback Component vulnerability is for Windows Vista, XP SP2 and SP3.  You can see where a hacker would use that for a windows system very easily.   So you must be careful what you click on and remember that your no longer safe.  You know how they will want to test out the waters for OSX just because they could so this year I predict Apple will start having even more Malware and Viruses than ever before.