Adobe Update Nixes Flash Player Zero Day
Veeshush
Adobe Update Nixes Flash Player Zero Day - 04-28-2014, 22:37 | posts: 788

Quote:
Adobe Update Nixes Flash Player Zero Day

Adobe Systems Inc. has shipped an emergency security update to fix a critical flaw in its Flash Player software that is currently being exploited in active attacks. The exploits so far appear to target Microsoft Windows users, but updates also are available for Mac and Linux versions of Flash.

The Flash update brings the media player to v. 13.0.0.206 on Windows and Mac systems, and v. 11.2.202.356 for Linux users.

IE10/IE11 and Chrome should auto-update their versions of Flash. If your version of Flash on Chrome (on either Windows, Mac or Linux) is not yet updated, you may just need to close and restart the browser.

The most recent versions of Flash are available from the Adobe download center, but beware potentially unwanted add-ons, like McAfee Security Scan. To avoid this, uncheck the pre-checked box before downloading, or grab your OS-specific Flash download from here. Windows users who browse the Web with anything other than Internet Explorer will need to apply this patch twice, once with IE and again using the alternative browser (Firefox, Opera, e.g.).

In its advisory about this vulnerability, Adobe said it is aware of reports that an exploit for the flaw (CVE-2014-0515) exists in the wild, and is being used to target Flash Player users on the Windows platform.

That advisory credits Kaspersky Lab with reporting the vulnerability, and indeed Kaspersky published a blog post today detailing two new exploits that have been spotted in the wild attacking this vulnerability. Both exploits, according to Kaspersky, have been used in so-called “watering hole” espionage attacks, an increasingly common attack technique involving the compromise of legitimate websites specific to a geographic area which the attackers believe will be visited by end users who belong to the organization they wish to penetrate.

This is the second time in as many months that Adobe has shipped a patch to fix a zero-day vulnerability in Flash. What’s more, a well-known Flash exploitation technique was implicated in a separate Internet Explorer zero-day attack that Microsoft warned about yesterday.

While Flash is required by a great many Web sites, there is no reason to let this browser plug-in run content automatically when you visit a Web site. Rather, I’ve urged readers to rely on “click-to-play,” a feature built into Google Chrome, Mozilla Firefox and Opera (and available via add-ons in Safari) that blocks plugin activity by default, replacing the plugin content on the page with a blank box. Users who wish to view the blocked content need only click the boxes to enable the Flash or Java content inside of them. For more on setting up your browser to use click-to-play for Flash and other browser plugins, see Help Keep Threats at Bay with Click to Play.
https://krebsonsecurity.com/2014/04/...ayer-zero-day/

This is separate from the IE zero-day. Update your Flash.

edit

Detailed report on how this exploit works: https://www.securelist.com/en/blog/8...g_hole_attacks

Last edited by Veeshush; 04-28-2014 at 23:36.
   
sykozis
04-28-2014, 22:58 | posts: 16,122 | Location: US East Coast

Thanks for the heads up.


   
tsunami231
04-28-2014, 23:07 | posts: 3,207 | Location: USA

Likewise thanks, otherwise I check once every few weeks, if that, for updates.
   
Veeshush
04-28-2014, 23:11 | posts: 788

Quote:
Originally Posted by tsunami231
Likewise thanks, otherwise I check once every few weeks, if that, for updates.

I use 3 things to keep up on all this crap.

1. https://browsercheck.qualys.com/

2. https://krebsonsecurity.com/

3. And then recently I started checking http://www.wilderssecurity.com/categ...ity-topics.43/

Follow any of those then you can keep up on this stuff pretty easy.
   
sykozis
04-28-2014, 23:50 | posts: 16,122 | Location: US East Coast

I'm a member on wilderssecurity but there's too many on that forum with oversized egos.

Discussions on security are very similar to our "intel vs amd" and "nvidia vs amd" threads...

I probably visit krebs once a year....and I'm not really a fan of sites that use web based scanners. You never know exactly what the scanner is really doing.



Last edited by sykozis; 04-28-2014 at 23:52.
   
Sasquatch
04-29-2014, 00:06 | posts: 355 | Location: Montana

Personally, I've had more issues with Flash than any other software & I've stopped using it.
Really wish more websites & companies would stop using it.
   
Rich_Guy
04-29-2014, 11:18 | posts: 8,702 | Location: UK

Just checked it, and it updated itself yesterday to the latest version.
   
lucidus
04-29-2014, 12:57 | posts: 6,561 | Location: Dubai

Ah so that's what it was for. I have flash on an ask to activate basis and now that youtube's HTML5 support is very good, I have little use for flash.

Last edited by lucidus; 04-29-2014 at 13:04.
   
Tags
adobe flash, exploit, zero day
