|
|
|
Limit Flash Exploit Exposure, Uninstall ActiveX Version |
Si vous voulez bloquer ce service sur vos fils RSS
Si vous voulez nous contacter ou nous proposer un fil RSS
Menu > Articles de la revue de presse : - l'ensemble [ tous | francophone] - par mots clé [ tous] - par site [ tous] - le tagwall [ voir] - Top bi-hebdo de la revue de presse [ Voir]
Présentation : Yesterday, Adobe issued Security Advisory APSA11-02. The advisory states that A critical vulnerability exists in Flash Player 10.2.153.1 and earlier versions Adobe Flash Player 10.2.154.25 and earlier for Chrome users for Windows, Macintosh, Linux and Solaris, Adobe Flash Player 10.2.156.12 and earlier versions for Android, and the Authplay.dll component that ships with Adobe Reader and Acrobat X 10.0.2 and earlier 10.x and 9.x versions for Windows and Macintosh operating systems. And this new vulnerability is currently being exploited in the wild There are reports that this vulnerability is being exploited in the wild in targeted attacks via a Flash .swf file embedded in a Microsoft Word .doc file delivered as an email attachment, targeting the Windows platform. Flash files in embedded in Office This attack vector prompted the following question from Brian Krebs Does anyone know of a reliable way to disable the rendering of Flash objects in MS Office files across the board Our thought is why disable what you can easily uninstall We don't generally use Internet Explorer, so we don't need the IE version of Flash Player enabled at all. For Flash on the Web, you can use a designated browser other than IE . Do you really need Flash enabled for Office This is what Microsoft Office will prompt when opening a document spreadsheet presentation containing embedded Flash content with no ActiveX version of Flash installed. Some controls on this presentation can't be activated. The Non-IE versions of Flash Player are of course still vulnerable to exploit, but it's harder to image a successful targeted attack via e-mail against them, which is probably why current attacks are using Office. Incidentally, it looks as if the next version of Flash Player 10.3 will include a control panel applet Flash control panel applet Looks promising Flash Player Settings Manager On 12 04 11 At 03 27 PM
Les mots clés de la revue de presse pour cet article : flash exploit activex
Les videos sur SecuObs pour les mots clés : flash exploit
Les mots clés pour les articles publiés sur SecuObs : exploit
Les éléments de la revue Twitter pour les mots clé : flash exploit activex
Les derniers articles du site "F Secure Antivirus Research Weblog" :
- OnionDuke APT Attacks Via the Tor Network
- What grade does your favorite app get
- Remember, Remember the Fifth of November
- Vote For Freedome Beta
- Multi-language support Not your everyday spam
- It's Not a Game - It's a Violation of Human Dignity
- 101 Bad Android Apps
- A Tale of Two Powerpoint Vulnerabilities
- Wanted Testers For The Greatest Android App Ever
- RATs threatening democracy activists in Hong Kong
Menu > Articles de la revue de presse : - l'ensemble [ tous | francophone] - par mots clé [ tous] - par site [ tous] - le tagwall [ voir] - Top bi-hebdo de la revue de presse [ Voir]
Si vous voulez bloquer ce service sur vos fils RSS :
- avec iptables "iptables -A INPUT -s 88.190.17.190 --dport 80 -j DROP"
- avec ipfw et wipfw "ipfw add deny from 88.190.17.190 to any 80"
- Nous contacter par mail
| Mini-Tagwall des articles publiés sur SecuObs : | | | | sécurité, exploit, windows, attaque, outil, microsoft, réseau, audit, metasploit, vulnérabilité, système, virus, internet, usbsploit, données, source, linux, protocol, présentation, scanne, réseaux, scanner, bluetooth, conférence, reverse, shell, meterpreter, vista, rootkit, détection, mobile, security, malicieux, engineering, téléphone, paquet, trames, https, noyau, utilisant, intel, wishmaster, google, sysun, libre |
| Mini-Tagwall de l'annuaire video : | | | | curit, security, biomet, metasploit, biometric, cking, password, windows, botnet, defcon, tutorial, crypt, xploit, exploit, lockpicking, linux, attack, wireshark, vmware, rootkit, conference, network, shmoocon, backtrack, virus, conficker, elcom, etter, elcomsoft, server, meterpreter, openvpn, ettercap, openbs, iphone, shell, openbsd, iptables, securitytube, deepsec, source, office, systm, openssh, radio |
| Mini-Tagwall des articles de la revue de presse : | | | | security, microsoft, windows, hacker, attack, network, vulnerability, google, exploit, malware, internet, remote, iphone, server, inject, patch, apple, twitter, mobile, virus, ebook, facebook, vulnérabilité, crypt, source, linux, password, intel, research, virtual, phish, access, tutorial, trojan, social, privacy, firefox, adobe, overflow, office, cisco, conficker, botnet, pirate, sécurité |
| Mini-Tagwall des Tweets de la revue Twitter : | | | | security, linux, botnet, attack, metasploit, cisco, defcon, phish, exploit, google, inject, server, firewall, network, twitter, vmware, windows, microsoft, compliance, vulnerability, python, engineering, source, kernel, crypt, social, overflow, nessus, crack, hacker, virus, iphone, patch, virtual, javascript, malware, conficker, pentest, research, email, password, adobe, apache, proxy, backtrack |
|
|
|
|
|
