The fourth 0-day vulnerability (after this one and these) in only two weeks has just appeared and it is targeting one of the most used plugins: the Flash Player from Adobe which is used to make web sites visually appealing, to watch videos on YouTube, to play online games, …
What do we face:
- A critical vulnerability in the Flash player (at least in version 9 and 10) which can be exploited from all browsers and OS when accessing a compromised website (drive-by attack) or when viewing a malicious PDF using Adobe Acrobat Reader ;
- Both exploitation methods have already been seen in the wild ;
- No mitigation methods except removing the Flash player or some of its components ;
- Javascript desactivation will not protect against all kind of exploitation ;
- Adobe will not release security updates until July 30.
What do you do ?
