※ [本文转录自 AntiVirus 看板] 作者: buytheway (∫) 看板: AntiVirus 标题: Re: [新闻] 骇客收割SQL Injection成果　发动Flash … 时间: Thu May 29 18:11:10 2008 ※ 引述《megaman1206 (megaman)》之铭言： : http://www.ithome.com.tw/itadm/article.php?c=49134 : 骇客收割SQL Injection成果　发动Flash零时差攻击 : 文/赵郁竹 2008-05-28 : 骇客已经在昨天下午开始发动Flash的零时差攻击，而上周发现的十万网页遭SQL : Injection攻击，就是在替此次的零时差攻击布局。 : 本周二（5/27）开始，安全厂商纷纷发现已有骇客开始针对Adobe Flash发动大规模零时 : 差攻击（Zero Day Attack），利用具备rootkit功能的後门程式，窃取使用者帐号密码。 : 使用者在Adobe释出修补程式前，最好先将Flash关闭。 这报导跟国外的有差异 根据pc magazine http://www.pcmag.com/article2/0,1895,2310320,00.asp 还有Adobe Security bulletin Vulnerability identifier: APSB08-11 http://www.adobe.com/support/security/bulletins/apsb08-11.html 指出 As McAfee reports, this vulnerability turns out to be very similar to another recent one, CVE-2007-0071, which affected Adobe Flash Player 9.0.115.0 and earlier. Adobe has declared that it is, in fact, the same vulnerability and that the current version, 9.0.124.0, is not vulnerable. SecurityFocus has gone so far as to retire their entry on it. 只有9.0.115.0或之前的版本受影响喔 检查你的flash是哪个版本 http://kb.adobe.com/selfservice/viewContent.do?externalId=tn_15507 version 9.0.124.0 download http://www.adobe.com/support/flash/downloads.html 新增移除程式里面看的到有两种， Adobe Flash ActiveX 跟 Adobe Flash Plugin uninstaller http://tinyurl.com/d5qrf v9.0.124.0 Adobe Flash ActiveX for Internet Explorer http://tinyurl.com/zer2t v9.0.124.0 Adobe Flash Plugin for Firefox/Opera http://tinyurl.com/8nz9s 大家快补洞吧 -- 请大家帮忙支持连署让我到NewsTalks那个偏僻的角落担任翰林院编修 :) 国家研究院 政治, 文学, 学术 [Majestic] AboutService 组务 Σ国家研究院组务/申请区 [Majestic] AboutNew 申请 ◎国家研究院连署处 Majestic ● 716 5/19 buytheway ˇ [连署板主] NewsTalks --

※ 发信站: 批踢踢实业坊(ptt.cc) ※ 编辑: buytheway 来自: 61.59.59.147 (05/29 19:38) ※ grantchiue:转录至看板 C_Chat 05/30 09:29 --

※ 发信站: 批踢踢实业坊(ptt.cc) ◆ From: 140.123.220.111