Dave Segal wrote:
> Does anyone have more info on this? What is the flaw and what can we do to
> protect our users?
> http://www.pcworld.com/businesscenter/article/146343/new_adobe_flaw_being_used_in_attacks_says_symantec.html

The Flash Player Security Team had an interim response up yesterday
(when Symantec's release hit), and a more full response this morning:
http://blogs.adobe.com/psirt
The issue is still being researched, but as the security team says, this
appears to be a known issue, already addressed in the current Player
9.0.124 (and the Astro preview). It usually takes a few days to
completely nail down all variables within a report, however, so keep an
eye on the security blog for the best info.
I haven't gone into this issue deeply yet myself, but some press reports
yesterday said a malformed SWF was hosted on two servers in China, and
that there were HTML injections into many mainstream websites to refer
to those two SWFs. However, I've read that those two Chinese addresses
were already taken offline, meaning that the webpage references won't
resolve, and that this route to trouble has already been effectively
closed. That's just my understanding, though, and would need first-hand
confirmation to be sure.
jd
--
John Dowdell . Adobe Developer Support . San Francisco CA USA
Weblog: http://weblogs.macromedia.com/jd
Aggregator: http://weblogs.macromedia.com/mxna
Technotes: http://www.macromedia.com/support/
Spam killed my private email -- public record is best, thanks.