When handling the [input] value the size is not validated and the process blindly copies user supplied data ... into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.

Look, this problem is twenty years old. The only excuse is that the developers are lazy, or the company doesn't think they need to invest in automated testing.
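The advisory's one-sentence description is the classic unchecked copy into a stack buffer. The following is an added example, not code from the post or from the Flash player, showing the unchecked pattern beside the one-line length check that fixes it; the field name, the 32-byte size and the inputs are all constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical fixed-length stack buffer for the advisory's "[input]" value;
 * the 32-byte size is an assumption for this example. */
#define FIELD_MAX 32

/* The bug class the advisory describes: len comes from untrusted input and is
 * never compared with sizeof field, so anything above FIELD_MAX writes past
 * the buffer into the rest of the stack frame. Shown for contrast only. */
void handle_input_unchecked(const uint8_t *data, size_t len)
{
    uint8_t field[FIELD_MAX];
    memcpy(field, data, len);           /* no bounds check */
}

/* Hardened version: validate the length against the destination before the
 * copy and fail closed. Returns bytes copied, or -1 if the input is rejected. */
int handle_input_checked(const uint8_t *data, size_t len)
{
    uint8_t field[FIELD_MAX];
    if (data == NULL || len > sizeof field)
        return -1;                      /* reject rather than truncate silently */
    memcpy(field, data, len);
    return (int)len;
}

/* Constructed inputs: 16 bytes that fit, and 40 bytes that would have
 * overflowed the unchecked copy. */
int demo_valid(void)
{
    uint8_t small[16];
    memset(small, 'A', sizeof small);
    return handle_input_checked(small, sizeof small);
}

int demo_oversized(void)
{
    uint8_t big[FIELD_MAX + 8];
    memset(big, 'A', sizeof big);
    return handle_input_checked(big, sizeof big);
}

int main(void)
{
    printf("valid: %d, oversized: %d\n", demo_valid(), demo_oversized()); /* 16, -1 */
    return 0;
}
```

A fuzzer or a unit test that feeds lengths above the buffer size catches the unchecked version immediately, which is the automated testing the post says was missing.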
Get your patches here. iPhone users, you're safe because His Steveness decided you can't handle the Flash. Android users, get thee to the Android App Store to download the update.
I must say that it's somewhat disheartening to see this kind of stupid, careless, inexcusable n00b error keep popping up. You get hit by a fiendishly subtle new technique known only to folks who go to Black Hat, well, that's one thing. You get hit by something that everyone has learned about in Programming 101 for the last two decades, you're an idiot. And the rest of us get to spend a little Personal Patching time because of that.
ALL proprietary software (microsoft, apple, adobe, etc) is full of rookie mistakes that don't get caught because customers/peers cannot audit the source code.
Flash is widely despised in the linux community for exactly this reason.
Be very very careful when you run that Flash update. It polluted my computer with Google Chrome, and I don't recall it asking permission to do so.