Have you counted how many times you have had to upgrade your Flash Player lately. Well, there's usually a reason for it. Any technology that approaches ubiquity on the Web is more likely than not to attract a virus. I guess we can consider that a Web "Golden Globe" award that every programmer aspires to.
The U.S. Computer Readiness Response Team (CERT) has put Adobe Flash Player 8.0.39.0 and earlier, and 9.x up to 9.0.115.0, on their Cyber Security Bulletin this week with a high vulnerability status that "allows remote attackers to bypass the allowScriptAccess parameter setting via a crafted SWF file with unspecified 'filter evasion' manipulations."
What does that mean? In a nutshell, the vulnerability can allow an attacker to take control of your system. For that to happen, an attacker must inject a malicious SWF (aka Shockwave Flash) onto a Web site and into your Flash Player. The odds that might happen to you are greater than you winning the lottery, but less than the San Andreas fault moving some time in the future.
Time to upgrade your Flash Player.
Comments