Flash Vulnerability Discussion

[Sware]

Blue just recently stickied this in the Customer Service forum.

A recent vulnerability has been discovered in popular web-content delivery program Adobe Flash, and it could potentially be used to target World of Warcraft players and accounts. The newest available version of Adobe Flash, version 9.0.124.0, does not contain this vulnerability, and we recommend that everyone upgrade their Flash player as soon as possible by visiting the Adobe.com download page at the link below.

http://www.adobe.com/shockwave/downl...ShockwaveFlash

In addition, to avoid exploitation of this vulnerability, we have temporarily disabled the ability to post hyperlinks in our forums. Any links will need to be copied and pasted into a browser. We’ll continue to evaluate any potential security threats and take any steps necessary to ensure a safe and fun environment.

For more information on this issue, you can read the announcements from the Adobe security team concerning the threat at the links below.

Adobe Product Security Incident Response Team (PSIRT): Potential Flash Player issue
Adobe Product Security Incident Response Team (PSIRT): Potential Flash Player issue - update

Anyone know about it? Let's start rolling out scams for it.

[Reddox]

If I had to guess, I'd say they were just making redirecting .swfs and embedding them..somewhere, not sure where. It's a fairly common phishing method.

Basically what you would do is

1. Create a phishing site
2. Create a tiny flash file that redirects the browser to your phishing site the second it is loaded
3. The user then believes he was sent there by the actual website (blizzard or whoever) and that it's safe to enter your info.

This is extremely useful for the "You need to be logged in to do that" phishers.



More info here:

New exploits target Flash - WOW Insider



Anyway, I could definitely write up a scam for this based off of the method I described briefly above...It's fairly simple. I'm not sure if there'd be any interest though.