Adobe Flash posts - Defense in Depth

May 27, 2008 10:46 AM PDT

Update 11:10 a.m. May 30: Despite earlier reports, version 9.0.124.0 of Adobe Flash Player has no new bugs. For the latest news, click here.

Legitimate Web sites hosting Adobe Flash Player content may be compromised to embed JavaScript that redirects users to a Chinese malware server, says Symantec. Affected versions of Adobe Flash Player include 9.0.124 .0 (latest version) and 9.0.115.0.

Symantec says that under certain conditions embedded JavaScript within the player will redirect users to dota11.cn. In an alert on Tuesday, Symantec said specific details about the vulnerability exploited were unknown, and initial testing of the in-the-wild exploit showed it to be unreliable. Nonetheless, Symantec said it had identified at least one commercial site, www.bridgettwalther.com, which is a horoscope Web site, but that the embedded malicious code has since been removed.

More details available here.

Symantec recommends that users use script-disabling plug-ins such as NoScript for Firefox to prevent embedded Flash scripts from being loaded.

Topics:: Browsers and extensions,; Security

Tags:: security,; Adobe Flash,; Symantec,; Javascript

Share:: Digg; Del.icio.us; Reddit; Facebook; Twitter

About Defense in Depth

Covering computer viruses and computer crime, Robert Vamosi goes beyond the hype to provide you with expert interviews of the top security researchers, as well as offering the hands-on, nontechnical advice you'll need to stay safe online.

Add this feed to your online news reader

Defense in Depth topics

Most Discussed

Inside CNET News

Scroll Left Scroll Right

Nanotech - The Circuits Blog
Leaked HP, Gateway 'Core i3' laptops are low-cost
Due soon from Hewlett-Packard, Gateway, and others, the first mainstream laptops using Intel's new Core i3 chip are pretty cheap.
Gallery
En route to GPS-based air traffic control (images)
Technically Incorrect
AT&T, Luke Wilson try smaller coverage number
In a new Luke Wilson ad, AT&T claims its 3G network covers 230 million people. This contrasts with ads from November that featured total coverage rather than just 3G.
Beyond Binary
Visual Studio launch delayed by 'a few weeks'
Microsoft says it's still working to resolve some performance issues related to the Visual Studio 2010 developer tool suite, which was slated for a March release.
Video
Deep-sea volcanic explosion--part 2 (video)
InSecurity Complex
Q&A: Researcher Karsten Nohl on mobile eavesdropping
Researcher who tackled smart card security last year talks to CNET about how easy it is to listen in on GSM-based mobile phone calls now that the encryption has been cracked.
Video
Deep-sea volcanic explosion--part 1 (video)
The Social
For eBay sellers, a holiday hamster hangover
The gift frenzy over Zhu Zhu Pets leaves some power sellers feeling like they've just run a marathon--but the steep price tags driven by scarcity lead to some impressive profits.
The Space Shot
Soyuz craft docks, boosts space station crew
A Russian Soyuz spacecraft docked with the International Space Station Tuesday after a smooth, automated approach, boosting the lab's crew back up to five.
Gallery
NASA trains WISE eye on the sky (photos)
Crave
Robots in 2009: The wackier, the better
No surprise here--some of the silliest and oddest robots of the year gone by were to be found in Japan. But who could top Taiwan's kissing bots?
Green Tech
Green-tech venture investing cools off in 2009
Green tech is still attracting billions of dollars a year, but the amount of money has shrunk significantly as investors began to focus on start-ups with the most potential.

Defense in Depth

Adobe Flash exploit raises concern

Most Popular

15 sites that went kaput in 2009

Top 10 news stories of the decade

About Defense in Depth

Defense in Depth topics

Antivirus

Audio and video

Bots and botnets

Browsers and extensions

Chat and e-mail

Criminal Hackers

Mobile

Networking

Phishing

Rootkits

Security

Spyware

Storage

Uncategorized

Most Discussed

Inside CNET News