Spyware Sucks
“There is no magic fairy dust protecting Macs" – Dai Zovi, author of “The Mac Hacker’s Handbook"

Flash Player 10 has been released – please install

October 15th 2008 in Uncategorized

Announced just a short while ago:
http://blogs.adobe.com/psirt/2008/10/security_bulletin_for_flash_pl.html

As my regular readers know, there are security changes in Flash 10 that *may* impact on the ever-problematic malvertizements that have been a too-regular topic on this blog (btw, I received an email this morning from an AV company contact to warn me that bloomberg.com has been affected by malvertizing over the past week or so). The update also addresses clickjacking and clipboard hijacking.

Note: Adobe advises that “For customers who cannot upgrade to Flash Player 10, a Flash Player 9 update is currently scheduled for early November.”


For what it's worth, Flash Player 10 does not give us any additional control via the Flash Player Settings Manager over the inbuilt functionality that malvertizements use to hijack web browsers. Here’s hoping the security changes built into Flash Player 10 will mitigate the problems.

 

 

 

Be alert: the installer *pre-checks* the option to install the Google Toolbar – if you’re like me, and you don’t want the gosh-darned toolbar, you will want to uncheck that option.



3 comments to...
“Flash Player 10 has been released – please install”

Maik

The way it reads to me, you need to uninstall the previous version before installing the latest version and you need to use the Flash uninstaller to do this. On a Windows PC you need to use the latest uninstaller, released 15 Oct. 2008. See:

kb.adobe.com/…/viewContent.do



sandi

As far as I know it is not necessary to manually uninstall Flash 9 before installing Flash 10.  The Adobe Security blog makes no mention of such a requirement, nor does the security bulletin, or the Adobe getflash page, or the installation instructions page or the system requirements page.



Maik

Heads up – this is the affected patch MS08-066: Vulnerability in the Microsoft Ancillary Function driver could allow elevation of privilege http://support.microsoft.com/kb/956803 Yes, this has happened before. See this ZoneAlarm announcement: http://download.zonealarm.com/bin/free/pressReleases/2008/LossOfInternetAccessIssue.html From what I understand, ZA 7.0.483.000 is not affected. Thanks to Susan, Robear and Bill 🙂
