CyTRAP Labs reminder - 2007-12-20 - Adobe Flashplayer - critical update
| Adobe has issued an important security patch for its Adobe Flashplayer that fixes several critical vulnerabilities (Please click on the link, choose Login as guest - click on this link again and voila free access) |
| If you have default Update installed with the program, the latest version should be downloaded automatically next time you log onto the internet (for more details see below) |
| CyTRAP Labs security risk barometer - 4 = critical |
| low | elevated | moderately critical | critical | severe |
| 1 | 2 | 3 | 4 | 5 |
WHAT CAN YOU DO?
| operating system affected |
|
| affected software |
Hence, start your Flash Player on your PC and go to Help > Update check |
| risk | rating given for these vulnerabilities is a 4 (four) |
| where is the patch? | depending upon the operating system you run:
you need admin rights to install the patch! |
| what should one do? | The Software Update preference pane is set by default to check automatically whether you have the latest version installed. Hence, once you go onto the internet, the latest version should be downloaded automatically. If you are not sure, read below: we tell you how to check and download manually if need be - quick and easy. |
| how can I check that I do have the latest version installed | Click About Adobe Flash Player from the Help menu; this shows which version runs on your machine. |
| not patching the vulnerability could cause what kind of damage to my PC? DO NOT OPEN IMAGES, MOVIES, ETC. from untrusted sources | 1. could be exploited by attackers to find out which TCP ports on known host computers are open or closed; 2. when executing specially crafted documents, input validation errors could be exploited by attackers to execute arbitrary code; 3. could be exploited to bypass security restrictions on the host computer; 4. more nasty things… |
| where can one get more details from the vendor? | vendor Adobe has issued a security bulletin |
| where can you get more technical information about the vulnerabilities | CVE-2007-4768, CVE-2007-6243, CVE-2007-6244, CVE-2007-6245, CVE-2007-6246, CVE-2007-4324, CVE-2007-5275, CVE-2007-5476, CVE-2007-6242 |
| release date from vendor | 2007-12-18 - Pacific Standard Time |
| why is this a reminder and not an alert? | security alert or reminder - that’s the question |
| did CASEScontact.org release an advisory about this earlier? | No, we did not, because it was not a case whereby the code was being exploited by hackers while spreading via the Internet |
| did CASEScontact.org release a zero-day advisory | NO, we did not issue a zero-day advisory (see also patched zero-day archive) |