Adobe Macromedia advised users to update to the application's latest version in response to the flaw.
"Critical vulnerabilities have been identified in Flash Player that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system. A malicious SWF must be loaded in Flash Player by the user for an attacker to exploit these vulnerabilities," Macromedia said in a security bulletin. "Users are recommended to update to the most current version of Flash Player available for their platform."
The company added that all users of Flash Player 8.0.22.0 should update to 8.0.24.0, available from the Player Download Center.
Adobe also thanked Microsoft for reporting the vulnerability to the company.
Secunia, which deemed the flaw worthy of its second most dangerous ranking, "highly critical," released an advisory on the flaw on Wednesday.
"Some vulnerabilities have been reported in Flash Player, which can be exploited by malicious people to compromise a user's system," the vulnerability monitoring firm said. "The vulnerabilities are caused due to unspecified errors and can be exploited to execute arbitrary code on a user's system when a malicious SWF file is loaded."
Secunia also credited Microsoft for discovering the flaw.
Microsoft, which distributed Flash Player with Windows XP Service Packs 1 and 2, Windows 98, Windows 98 SE and Windows ME, said its Security Response Center was "in communication with Adobe and is aware that Adobe has made updates that are available on their website."
"Microsoft encourages customers who use Flash Player to follow the guidance documented in Adobe's security bulletin," Microsoft said on its TechNet website.
The SANS Institute's Internet Storm Center also warned users that "a flash file has the potential to escape the flash engine and obtain access to the host system."
"Microsoft's writeup contains instructions on disabling the flash ActiveX control from executing. Firefox users could probably get away with using AdBlock to prevent the .swf files, although it's not necessary that the malware end in .swf," SANS warned. "We don't know much else. We don't know how it works. We don't know who's seen it, if anyone has."