In a previous article in this series I told you about a reported exploit for Adobe Flash Player. It seems that the security bulletin that this exploit was based upon was released before the version 9.0.124.0 of the Player. Reading the latest security bulletin Adobe informs us that the exploit is not applicable to this version of the player:

This is not a zero-day exploit. Despite various reports that have been circulating, the Flash Player Standalone 9.0.124.0 and Linux Player 9.0.124.0 are NOT vulnerable to the exploits discussed in conjunction with the previously disclosed vulnerability Symantec posted on 5/27/08. Symantec originally believed this to be a zero-day, unpatched vulnerability, but as their latest update on their Threatcon page indicates, they have now confirmed this issue does not affect any versions of Flash Player 9.0.124.0.

So our recommendation is to update your Flash player to the latest version in order to prevent the nastiness that may occur with this exploit.

Popularity: 40%