Wednesday, May 28, 2008

Why you really do have to apply those patches immediately ...

Or abandon #$!$%%$ Flash and XP ...

Slashdot | Adobe Flash Zero-Day Attack Underway

...Security researchers have found evidence of a previously unknown Adobe Flash vulnerability being exploited in the wild. The zero-day flaw has been added to the Chinese version of the MPack exploit kit and there are signs that the exploits are being injected into third-party sites to redirect targets to malware-laden servers. From the article: 'Continued investigation reveals this issue is fairly widespread. Malicious code is being injected into other third-party domains (approximately 20,000 web pages) most likely through SQL-injection attacks. The code then redirects users to sites hosting malicious Flash files exploiting this issue..

It doesn't suffice to restrict browsing to "quality" sites. If those sites are hacked, then traffic can be redirected to a site where the a specially crafted .SWF file launches the exploit and attacks your machine. Antiviral software won't help either -- at least until it's patched and updated (too late).

Keeping up with these patches is a slow, onerous task -- particularly on a slow booting XP machine (forget Vista!).

The easiest defense is to use a Mac. Even though Flash on OS X is vulnerable, it's doubtful that the injected malware will work, particularly if you run in standard user mode (nobody who reads this blog would be foolish enough to run OS X as an admin).

Eliminating Flash, a notorious source of vulnerabilities, is the next option to consider. I'd really like to see Apple do their own Flash interpreter. (QuickTime is about as bad, but at least that gets patched through Apple's updater.)

No comments: