Vulnerability Issues Regarding Flash Player (5/30/08)

[Aangeliceus]

With the recently announced security reports, we are now aware of the possibility of malicious attacks that can exploit the vulnerability of the Adobe Flash Player.

By exploiting this vulnerability, there is a possibility of malicious programs being installed on your system. As a result, your account's security may be in danger. According to Adobe Systems, the newest available version of Adobe Flash version 9.0.124.0 does not contain this vulnerability. As a security measure, we highly recommend you perform this update.

You will be personally responsible for installing and updating the program. As we have often reminded our players in the past, we ask that you continue to monitor and update the security of your system and Internet connection to prevent any harm caused by infected websites and malicious programs. Also, do not access or download software from sites you are unfamiliar with.

You can install the most recent Flash Player through the following website from Adobe Systems:
http://www.adobe.com/shockwave/download/download.cgi?P1_Prod_Version=ShockwaveFlash

If you are unaware of which version you currently have installed, you can check through here:
http://kb.adobe.com/selfservice/viewContent.do?externalId=tn_15507&sliceId=1

http://www.playonline.com/ff11us/polnews/news13509.shtml

 

[Aangeliceus]

I will post a better picture of this, but this is a snapshot of the Ultima Forums statistics and the versions our visitors use. a MAJORITY of people need to upgrade if this is indeed an avenue of attacks.

The confirmed latest version is 9.0 r124.

 

[Varda]

I just checked my machines. My Mac at home was already on 124, so no problem there. Firefox on my work laptop was at 115, but I run FlashBlock and therefore don't see a lot of the flash ads and such. It's at 124 now, and hopefully I didn't run into one of the malicious flash files earlier.

I checked IE just in case, and its version was way back at 45.... >_< I only use IE for a few web apps our company requires (and that don't run on Firefox >_<), but it disturbs me that the version was as old as it was. It's at 124 now, but I'm going to have to keep my eye on it. Seems like updates may not hit both at once.

Btw, a friend at work said there was an announcement on WoW as well about the issue. Seems like it might be a big deal.

 

[Archain]

That's for pointing this out, I think I would have missed it.

 

[Aangeliceus]

Revised Flash Use Report

Here is an update on the Flash usage by our visitors. [Date Range of data: 5/30 to 6/16]

Another reminder to check your version of Flash Player...

AND use the new security-token released by SE for PlayOnline.

Check your Flash Version here.

 

[Fodder]

42% of you are going to get your shit jacked, go update flash - it takes 30s.

 

[Ehon]

AND use the new security-token released by SE for PlayOnline.

Check your Flash Version here.

I'm assuming the "Security-token"== the new login location feature?

There wasn't much posted, but if so, yeah, it's a cool idea because it basically breaks the default location check that a lot of XSS sites were using.

When you start up POL, just click Security Settings and choose a new path. I suggest a removable medium (jump drive, etc) that can be REMOVED when you're not playing.

 

[Aangeliceus]

Yeah. Ehon, thats the best method. I just use a USB jump drive for when I use a PC to login with. Non-standard drive and its never in the CPU when I'm not playing.