New Flash

[Tobatobu]

The patch, rated “critical” by Adobe, affects Flash Player 9.0.124.0 on all platforms. Adobe is recommending that users upgrade immediately to Flash Player 10.

Check your Flash Version Here:
Version test for Adobe Flash Player

Adobe updates Flash Player 9 to fix six security holes | Zero Day | ZDNet.com

Adobe updates Flash Player 9 to fix six security holes
Adobe has slapped another band-aid on its ever-present Flash Player to cover at least six documented security vulnerabilities that could expose users to a wide range of hacker attacks.

The patch, rated “critical” by Adobe, affects Flash Player 9.0.124.0 on all platforms. Adobe is recommending that users upgrade immediately to Flash Player 10.

The skinny on the latest Flash Player vulnerabilities:


CVE-2008-4818: This update includes a change to the way Flash Player interprets HTTP response headers to prevent a potential cross-site scripting attack.
CVE-2008-4819: This update introduces a change to mitigate a potential issue that could aid an attacker in executing a DNS rebinding attack.
CVE-2008-4823: This update introduces stricter interpretation of an ActionScipt attribute to prevent a potential HTML injection issue.
CVE-2008-4822: This update prevents an issue with policy file interpretation that could potentially lead to bypass of a non-root domain policy.
CVE-2008-4821: This update prevents an issue with the Flash Player interpretation of jar: protocol on Mozilla browsers that could potentially lead to information disclosure.
CVE-2008-4820: This update prevents a potential Windows-only information disclosure issue in the Flash Player ActiveX control.
Adobe provides this page to held end users determine which version of Flash Player is installed on a system. Keep in mind that any version below Flash Player 9.0.151.0 will be vulnerable to these attack scenarios.

Separately, Adobe released Security Bulletin ASPB08-21 to resolve a potential privilege escalation issue that is particularly applicable to ColdFusion servers in a shared hosting environment:

A vulnerability in ColdFusion could allow a lower-privileged user to bypass sandbox security and access sensitive information, and could potentially lead to a privilege escalation attack. This issue is particularly applicable to ColdFusion servers in a shared hosting environment. This issue is not remotely exploitable.
Affected software versions are ColdFusion 8, ColdFusion 8.0.1 and ColdFusion MX 7.0.2 Solution.

I urge everyone to update their Flash if you version prior than 10.

Any site that is running Flash ads could exploit these, and its important to stay up to date on your software. Running Firefox 3 with NoScript add-on is recommended.

If you previously had one of the latest versions of Flash, its very possible you have already auto-updated. Adobe recently pushed a Flash 10 update.

[Shuemue]

There's actually a huge notice at the top of the forum about Flash, it's been there a while too, and it links to the latest version.

[Tirrock]

Yeah, I thought there was yet another new version out that we really needed to download for a second there.

[Ikith]

This new version of flash causes sound delays on my ubuntu 8.10 install. Anyone have the same problem?

[SephYuyX]

New version of flash also causes some flash not to load, and some websites to crash on exit.

[Septimus]

Adobe has really dropped the ball frequently with flash since they took over. It is fairly depressing.

[Ikith]

So its flash and not my lappy or ubuntu install *wipes away sweat*

[Mizango]

Adobe has really dropped the ball frequently with flash since they took over. It is fairly depressing.

Yeah they have, they need to get their shit together.

[Correction]

Adobe has really dropped the ball frequently with flash since they took over. It is fairly depressing.

Arguably Flash has been a fucking disaster since its inception and all Adobe is doing is exploiting the inertia of web technologies to fix only those security holes with a modicum of public exposure.

[SephYuyX]

Im wondering when everyone will switch to MS Silverlight.

[Kiro]

MS Silver what now?

[Tirrock]

I got that to watch the olympics online. It was kind of neat.

[Septimus]

Arguably Flash has been a fucking disaster since its inception and all Adobe is doing is exploiting the inertia of web technologies to fix only those security holes with a modicum of public exposure.

There were not nearly as many screw-ups when Macromedia was developing it. Maybe the problems are just more visible now, but they didn't seem to be quite as horrible before Adobe took over.

[Ikith]

I still don't have flash installed on my Ubuntu laptop because of some shitty ass sound delay something is causing and I fucking know its not my laptop because previous versions of flash ran perfect on 8.04 and before. I'm quite sick of this bullshit! First I had to manually fix streaming on firefox on ubuntu for flash now I get a fucking sound delay. What the fuck is next hardcoding rm -rf into the .deb package or apt? Fuck you adobe fix this bullshit! Seriously sick of it!