According to my Google Analytics, only 11% of my visitors in the last month...are running an updated version of Adobe Flash (10.0 r42 or 9.0 r260).
On Dec 8th, Adobe released security bulletin APSB09-19 which addressed several critical vulnerabilities in versions older than 10.0.42.34.
As I have stated in the past, 11% is quite surprising, given the security implications of running old Flash player versions. McAfee recently released their threat predictions for 2010 (PDF) and Adobe products are set to stay in the front of favored attack vectors...
The favorite vector among attackers is Adobe products, primarily Flash and Acrobat Reader. Using reliable “heap spray–like” and other exploitation techniques, malware writers have turned Adobe apps into a hot target. Further, Flash and Reader are among the most widely deployed applications in the world, which provides a higher return on investment to cybercriminals. Based on the current trends, we expect that in 2010 Adobe product exploitation is likely to surpass that of Microsoft Office applications in the number of desktop PCs being attacked.

If you aren't sure what version of Adobe Flash your browser supports, then I would highly recommend checking out Adobe's Flash Version Tester. At the time of this post, the latest & "greatest" version of Flash is 10.0.42.34.
About 80% of my visitors are running either IE or Firefox on Windows. For Windows users, I would recommend using Secunia's Online Software Inspector (OSI). The Secunia Online Software Inspector, or short OSI, is a fast way to scan your PC for the most common programs and vulnerabilities, thus checking if your PC has a minimum security baseline against known patched vulnerabilities. It checks for outdated versions of Adobe Flash, Sun Java, QuickTime, iTunes...and much more. It does require that Java be enabled for it to work...
Adobe provides uninstallers and installers for most of the major operating systems, so get to patching!
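The version check discussed in this post, as an added example that is not part of the original post: it classifies Flash version strings (the "10.0 r42" form quoted above, or dotted/comma form) against the patched builds the post names, per branch, so a patched 9.0 build is not judged against the 10.0 baseline. The function names and the sample report rows are assumptions constructed for illustration.

```python
import re

# Patched baselines named in the post: 10.0 r42 (full build 10.0.42.34) and 9.0 r260.
# Keyed by (major, minor) so each branch is compared with its own baseline.
PATCHED = {(10, 0): (10, 0, 42, 34), (9, 0): (9, 0, 260)}


def parse_flash_version(text):
    """Parse '10.0 r42', '10.0.42.34' or 'WIN 10,0,42,34' into a tuple of ints."""
    parts = re.findall(r"\d+", text)
    if len(parts) < 3:
        raise ValueError(f"unrecognised Flash version: {text!r}")
    return tuple(int(p) for p in parts[:4])


def is_patched(text):
    """True if the version is at or above the patched build for its branch."""
    version = parse_flash_version(text)
    baseline = PATCHED.get(version[:2])
    if baseline is None:
        # Branch without a listed fix: only branches newer than every
        # known baseline are treated as patched.
        return version[:2] > max(PATCHED)
    # Analytics-style strings carry three components, so compare only
    # the components both sides actually have.
    n = min(len(version), len(baseline))
    return version[:n] >= baseline[:n]


def patched_share(rows):
    """Percentage of visits from patched players in (version, visits) rows."""
    total = sum(visits for _, visits in rows)
    ok = sum(visits for version, visits in rows if is_patched(version))
    return round(100.0 * ok / total, 1)


# Constructed sample rows in an analytics-export shape (not the author's data).
SAMPLE_REPORT = [
    ("10.0 r42", 130), ("10.0 r32", 500), ("9.0 r260", 20),
    ("9.0 r124", 230), ("10.0 r22", 120),
]

if __name__ == "__main__":
    for version, visits in SAMPLE_REPORT:
        print(f"{version:10} {visits:5} {'ok' if is_patched(version) else 'OUTDATED'}")
    print(f"patched share: {patched_share(SAMPLE_REPORT)}%")
```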