Monday, September 13, 2010

Adobe Flash zero-day vulnerability under attack

This report from ZDnet covers an Adobe Flash zero-day, labelled CVE-2010-2884.

Adobe's advisory:

Is there any way to protect yourself against this without blocking Flash, until you get the update (due Sept 27)?  I would try the --safe-plugins option, which runs all your plugins in a sandbox. It could break some features, like Flash might not be able to access your webcam or microphone anymore. If I get the chance I'll try this out and let you know if anything breaks.

Note that as of today, Sept 13, virtually all web users are vulnerable to zero-day exploits for 3 different browser plugins, for which no fix is available: