Exploitation of Adobe Flash Vulnerability Cyber Alert

Exploitation of Adobe Flash Vulnerability

Original release date: May 28, 2008
Last revised: --
Source: US-CERT

Systems Affected

Microsoft Windows, Apple Mac OS X, and other operating systems that use Adobe Flash Player

Overview

A vulnerability that affects Adobe Flash Player is being actively exploited to install malicious software.

Solution

Apply Updates

Adobe has provided updates to remedy these vulnerabilities. To obtain the updates, visit the Adobe Player Download Center.

Description

Adobe Flash Player is affected by multiple vulnerabilities. If you open a malicious Flash file, which may be hosted on a website, an attacker may be able to take control of your computer or cause it to crash. The Adobe Security Bulletin provides updates that address these vulnerabilities.

This issue was first published in US-CERT Cyber Security Alert SA08-100A. However, recent reports indicate that at least one of these vulnerabilities is being actively exploited at the time of this document's publication.

For more technical information, see US-CERT Technical Cyber Security Alert TA08-149A.

References

• US-CERT Technical Cyber Security Alert TA08-149A.html - <http://www.us-cert.gov/cas/techalerts/TA08-149A.html>
• Securing Your Web Browser - <http://www.us-cert.gov/reading_room/securing_browser/>
• Adobe PSIRT Potential Flash Player Issue - update - <http://blogs.adobe.com/psirt/2008/05/potential_flash_player_issue_u_1.html>
• Adobe Security Advisory APSB08-011 - <http://www.adobe.com/support/security/bulletins/apsb08-11.html>
• Adobe Flash Player Download Center - <http://www.adobe.com/go/getflash>
• US-CERT Vulnerability Notes for Adobe Security advisory APSB08-011 - <http://www.kb.cert.org/vuls/byid?searchview&query=APSB08-011>

---

Feedback can be directed to US-CERT.