What Is It?

Adobe, which now owns and supports the Macromedia Flash player, has released an update to fix several security vulnerabilities, some of which could allow unauthorized remote code execution. This means that an attacker could take advantage of the vulnerability to take complete control of your computer, and install malicious software or turn your computer into a zombie.

US-CERT Technical Cyber Security Alert TA07-192A, at http://www.us-cert.gov/cas/techalerts/TA07-192A.html, lists three separately cataloged vulnerabilities.

What Should You Do?

You should update your Flash player at your earliest convenience.

Important: If you use two or more Web browsers, you must install the control into each of them.

There are several ways to do this.

1. Visit the Adobe Flash Player Download Center for Windows, at http://www.adobe.com/go/getflashplayer/, and download and install version 9,0,47,0 of the Flash Player, following the directions on that page.
   • The page (and URL) that actually displays varies, depending upon your operating system. Windows users get a Windows version of the control, and Apple Macintosh users get a version for their operating system, whether it be Panther, Tiger, or, presumably, the older System.
   • You must check the box next to, "I agree to the Adobe Flash Terms of Service," before you can download the update.
   • Click the Install Now button, which is located directly below the Terms of Service acknowledgment check box.
   • In Internet Explorer 6 and 7, the Information Bar displays, saying "The website wants to install the following add-on: 'Adobe Flash Player' from 'Adobe Systems Incorporated.' If you trust the website and the add-on and want to install it, click here..."
   • When you click, as directed, a short context menu displays. Choose the first option, Install ActiveX Control ..."
   • After the update downloads, a dialog box asks if you want to install this software.
   • Verify that the Name field reads "Adobe Flash Player," and that the Publisher field reads "Adobe Systems Incorporated."
   • Click the Install button.
   • When the installation finishes, a Flash animation replaces the red box in the large area below the "Adobe Flash Player" label in the page. After a few seconds, the animation informs you that the player installed successfully.
2. Internet Explorer 6 users may update from within your Web browser.
   • Choose Mange Add-Ins from the Tools menu.
   • Use the Show combo box, located at the top of the dialog box, to change the display to read "Add-ons that have been used by Internet Explorer."
   • Scroll down the list to the ShockWave Object.
   • Click the Update ActiveX button, located in the lower right corner of the dialog box.
   • After the update downloads, a dialog box asks if you want to install this software.
   • Verify that the Name field reads "Adobe Flash Player," and that the Publisher field reads "Adobe Systems Incorporated."
   • Click the Install button.
   • When the update completes, a message box informs you that, "The add-on was updated successfully."
   • Click the OK button to dismiss the dialog box.
   • Click the OK button to dismiss the Add-In Manager dialog box.
3. Mozilla FireFox users should use the download page at, http://www.adobe.com/go/getflashplayer/, which returns the following URL:  http://www.adobe.com/shockwave/download/download.cgi?P1_Prod_Version=ShockwaveFlash.
   • Click the Download Now button.
   • After a few seconds, a dialog box displays, saying "You have chosen to open install_flash_player.exe, which is a Application from http://fpdownload.macromedia.com. Would you like to save this file?"
   • Click the Save File button.
   • Allow the package to download to your desktop.
   • When the download completes, the Firefox download manager window displays, showing the new file at the top, along with any other downloaded files that you may still have stashed on your desktop.
   • Click the Open link to begin the installation.
   • Firefox warns you that the file may contain a virus. Click the OK button to proceed.
   • A dialog box warns you that Firefox must be closed in order to complete the installation. Close all Firefox windows, wait a few seconds, and click the Try Again button.
   • After a few seconds, a progress dialog box displays, and quickly reports that the installation is completed.
   • You may either click the Show Details button to review the installation report, or simply click the X in the upper right corner of the dialog to dismiss it. If you choose to show details, a Close button appears in the lower right corner of the dialog box.

References

• http://www.adobe.com/go/getflashplayer/ is the Adobe Flash Player download page. Note that the page that is actually returned to your Web browser will vary, depending on your operating system and Web browser.
• http://www.adobe.com/support/security/bulletins/apsb07-12.html is Adobe Security bulletin: Flash Player update available to address security vulnerabilities, Vulnerability identifier: APSB07-12.
• http://www.us-cert.gov/cas/techalerts/TA07-192A.html is US-CERT Technical Cyber Security Alert TA07-192A.

David Gray, MBA, Chief Wizard WizardWrx, formerly P6 Consulting
	V: +1 (817) 812-3041 TZ: USA Central, GMT -5 E: dagray@wizardwrx.com W: www.wizardwrx.com	5006 Cloyce Court North Richland Hills, TX 76180-6944 USA
Tell me what you need, and I’ll conjure it.