US-CERT: United States Computer Emergency Readiness Team
Cyber Security Alert SA08-149A
Exploitation of Adobe Flash Vulnerability
Original release date: May 28, 2008Last revised: --
Source: US-CERT
Systems Affected
Microsoft Windows, Apple Mac OS X, and other operating systems that use Adobe Flash Player
Overview
A vulnerability that affects Adobe Flash Player is being actively exploited to install malicious software.
Solution
Apply Updates
Adobe has provided updates to remedy these vulnerabilities. To obtain the updates, visit the Adobe Player Download Center.
Description
Adobe Flash Player is affected by multiple vulnerabilities. If you open a malicious Flash file, which may be hosted on a website, an attacker may be able to take control of your computer or cause it to crash. The Adobe Security Bulletin provides updates that address these vulnerabilities.
This issue was first published in US-CERT Cyber Security Alert SA08-100A. However, recent reports indicate that at least one of these vulnerabilities is being actively exploited at the time of this document's publication.
For more technical information, see US-CERT Technical Cyber Security Alert TA08-149A.
References
- US-CERT Technical Cyber Security Alert TA08-149A.html - <http://www.us-cert.gov/cas/techalerts/TA08-149A.html>
- Securing Your Web Browser - <http://www.us-cert.gov/reading_room/securing_browser/>
- Adobe PSIRT Potential Flash Player Issue - update - <http://blogs.adobe.com/psirt/2008/05/potential_flash_player_issue_u_1.html>
- Adobe Security Advisory APSB08-011 - <http://www.adobe.com/support/security/bulletins/apsb08-11.html>
- Adobe Flash Player Download Center - <http://www.adobe.com/go/getflash>
- US-CERT Vulnerability Notes for Adobe Security advisory APSB08-011 - <http://www.kb.cert.org/vuls/byid?searchview&query=APSB08-011>
Feedback can be directed to US-CERT.
Produced 2008 by US-CERT, a government organization. Terms of use
Revision History
May 28, 2008: Initial release
Get Adobe Reader