philgroce.com

Prototype ergo propter type

Update your Flash Plugins!

29 May 2008 19:26

Flash is a dangerous little piece of software. It’s ubiquitous enough that an attacker can get quite a return from exploiting it, but (like most other browser plugins, sadly) it’s not always on people’s radar to keep updated.

As if that wasn’t bad enough, Will Dormann from CERT points out that even when you think to do it, keeping Flash updated can be tricky:

“It is important to realize that a system may contain several instances of the Adobe Flash Player. The Adobe Flash Player plug-in installer for Windows will install only the Netscape-style plug-in for Flash, which is used by Mozilla Firefox, Opera, and other browsers that support plug-ins. The Adobe Flash Player ActiveX installer for Windows will install only the ActiveX version of Flash, which is used by Internet Explorer and other programs that use Internet Explorer components.”

Firefox’s plugin flexibility further complicates matters:

“Another cause for confusion is that Firefox allows plug-ins to be installed either system-wide or in a specific user’s profile. As a result, a Flash plug-in that was installed in one manner may not be updated properly if the new version of Flash is installed in a different manner. Other browsers may have similar issues.”

Will concludes by advocating that you, “[a]t the very least, make sure that you have attempted to upgrade to the latest version of Adobe Flash.” And while you’re at it, Lord Cardigan, could you just ride your horses through that valley over there?

At any rate, make the effort, like the man said. Flash is a dangerous little piece of software.
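
An inventory check for the situation described in the quotes above, as an added example that is not part of the original post or of CERT's advice: it classifies each Flash binary as Netscape-style plug-in or ActiveX control, tags it as system-wide or per-profile, and reports plug-in types that exist as more than one distinct build. The file-name patterns, the `Profiles` directory test and the sample tree are assumptions made for illustration.

```python
import fnmatch
import hashlib
import tempfile
from collections import defaultdict
from pathlib import Path

# Assumed file-name patterns (not from the post): names commonly used by
# Flash Player for Windows for each plug-in type.
PATTERNS = {"NPAPI plug-in": "npswf*.dll", "ActiveX control": "flash*.ocx"}

def classify(filename):
    """Plug-in type for a file name, or None if it is not a Flash binary."""
    return next((kind for kind, glob in PATTERNS.items()
                 if fnmatch.fnmatchcase(filename.lower(), glob)), None)

def scope(path):
    """'per-profile' if the file sits under a Firefox Profiles directory (assumed layout)."""
    parts = [p.lower() for p in Path(path).parts]
    return "per-profile" if "profiles" in parts else "system-wide"

def inventory(roots):
    """One record per Flash binary found under the given directories."""
    found = []
    for root in roots:
        for path in Path(root).rglob("*"):
            kind = classify(path.name) if path.is_file() else None
            if kind:
                digest = hashlib.sha256(path.read_bytes()).hexdigest()
                found.append({"path": str(path), "kind": kind,
                              "scope": scope(path), "sha256": digest})
    return found

def mixed_builds(records):
    """Plug-in types present as more than one distinct binary, i.e. copies that differ."""
    builds = defaultdict(set)
    for rec in records:
        builds[rec["kind"]].add(rec["sha256"])
    return sorted(kind for kind, hashes in builds.items() if len(hashes) > 1)

def demo_tree():
    """Constructed sample: system-wide copies plus a different per-profile copy."""
    top = Path(tempfile.mkdtemp())
    layout = {"system32/Macromed/Flash/NPSWF32.dll": b"new build",
              "system32/Macromed/Flash/Flash9f.ocx": b"activex build",
              "Firefox/Profiles/x.default/plugins/NPSWF32.dll": b"old build"}
    for rel, data in layout.items():
        (top / rel).parent.mkdir(parents=True, exist_ok=True)
        (top / rel).write_bytes(data)
    return str(top)
```

Point `inventory()` at the directories where browsers and the system keep plug-ins; any type returned by `mixed_builds()` has at least one copy that an update did not replace.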

Category: geekery/security

Copyright © 2006-2008 Phil Groce. All Rights Reserved.