Spyware Sucks

"There is no magic fairy dust protecting Macs" - Dai Zovi, security researcher and co-author of The Mac Hacker's Handbook.

"The Biblical wisdom “pride comes before a fall” needs to be foremost in the minds of security professionals. There are several aspects to this truth, but it starts with believing it is true. For one, the bad guys are always getting better and trying to get in. They are working harder than ever to defeat whatever you are doing to protect your enterprise. This knowledge alone will change your perspective on your job and when you are “done". What worked today may not work tomorrow. In this light, be careful about the promises you make to others regarding security and the protections you are deploying." - Dan Lohrmann

Flash Player 10 has been released - please install

Announced just a short while ago:
http://blogs.adobe.com/psirt/2008/10/security_bulletin_for_flash_pl.html

As my regular readers know, there are security changes in Flash 10 that *may* impact on the ever problem malvertizements that have been a too-regular topic on this blog (btw, I received an email this morning from an AV company contact to warn me that bloomberg.com has been affected by malvertizing over the past week or so). The update also addresses clickjacking and clipboard hijacking.

Note: Adobe advises that "For customers who cannot upgrade to Flash Player 10, a Flash Player 9 update is currently scheduled for early November."

For what its worth, Flash Player 10 does not give us any additional control via the Flash Player Settings Manager over the inbuilt functionality that malvertizements use to hijack web browsers. Here's hoping the security changes built into Flash Player 10 will mitigate the problems.

Be alert: the installer *pre-checks* the option to install the Google Toolbar - if you're like me, and you don't want the gosh-darned toolbar, you will want to uncheck that option.

Published Thu, Oct 16 2008 9:41 by sandi

Filed under: Security, safety and privacy on the Internet, Vulnerabilities, viruses and exploits

Comments

# re: Flash Player 10 has been released - please install

Saturday, October 18, 2008 6:35 AM by Maik

The way it reads to me, you need to uninstall the previous version before installing the latest version and you need to use the Flash uninstaller to do this. On a Windows pc you need to use the latest uninstaller, released 15 Oct. 2008. See:

kb.adobe.com/.../viewContent.do

# re: Flash Player 10 has been released - please install

Saturday, October 18, 2008 8:51 AM by sandi

As far as I know it is not necessary to manually uninstall Flash 9 before installing Flash 10. The Adobe Security blog makes no mention of such a requirement, nor does the security bulletin, or the Adobe getflash page, or the installation instructions page or the system requirements page.

# re: Flash Player 10 has been released - please install

Monday, October 20, 2008 5:04 PM by Maik

Thanks, you're correct: www.adobe.com/.../messageview.cfm

Spyware Sucks

This Blog

Syndication

Search

Tags

Community

Archives

News

Flash Player 10 has been released - please install

Comments

# re: Flash Player 10 has been released - please install

# re: Flash Player 10 has been released - please install

# re: Flash Player 10 has been released - please install