Regis
Level 12

Flash 0day - how to effectively block Flash? Anyone done it?

Greetings,

Adobe has brought us yet another delightful 0day vulnerability and POC code has apparently made it into the wild.  Exploits are expected ahead of Adobe's target date for a patch on the 18th.

http://arstechnica.com/security/2015/07/hacking-team-leak-releases-potent-flash-0day-into-the-wild/

Suppose I were to sell the business on blocking Flash on the gateway--how best to accomplish?

I searched the System Lists MediaType for Flash and found the following MediaType.EnsuredTypes - I haven't yet looked to see if there's a reliable user agent string that Flash presents across Chrome, IE and Firefox.

172 | application/vnd.adobe-flv-authoring | Flash Movie Authoring file
263 | application/x-flash-shared-object | Adobe Flash shared object file

24 | application/x-shockwave-flash | Macromedia Flash file
25 | video/x-flv | Flash Video
33 | video/f4v | MPEG-4 based Flash Video

22 | application/x-shockwave-flash | Macromedia Flash file

Anyone tried this and how much screaming did you have from the business?

Best Regards,

Regis

0 Kudos
4 Replies
dbottino
Level 9

Re: Flash 0day - how to effectively block Flash? Anyone done it?

Is there any news about this request?

Thanks a lot

Kind regards

0 Kudos
catdaddy
Level 20

Re: Flash 0day - how to effectively block Flash? Anyone done it?

I posted about this last week, when Adobe patched a 'Zero-Day' vulnerability on 7/8/2015. There is another patch coming this week for the same thing.

All the Best

Catdaddy

McAfee Community Moderator

(Consumer Products

Cliff
McAfee Volunteer
0 Kudos
Regis
Level 12

Re: Flash 0day - how to effectively block Flash? Anyone done it?

Nothing really.   The ticket I opened confirmed my approach as viable if you wanted to do it.   I'm going to code it up and apply it to my own IP and see how much it breaks.

0 Kudos
malware-alerts
Level 10

Re: Flash 0day - how to effectively block Flash? Anyone done it?

We are doing partially what you are trying to accomplish (using some of the MediaTypes you highlighted) and we get regular calls from users trying to view training videos and some web applications that are flash-based (there are surprisingly still a lot out there.)

We took the "whitelisting the exceptions" approach, systematically whitelisting the legitimate sites users are trying to reach and it's been somewhat of a pain, but still manageable. Flash is such a pain in the neck security-wise that I still prefer having some users call me and allowing their sites on an exception basis than having to deal with the ransomware...
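
Added example (not part of any post in this thread, and not McAfee Web Gateway rule syntax): a Python illustration of the policy discussed above, blocking the Flash media types listed in the first post while allowing an exception list of hosts. It also checks the leading bytes of the body so that Flash served under a different Content-Type is still caught; the function names, hostnames and sample inputs are assumptions constructed for the example.

```python
# Added example: block Flash at a proxy by media type, with a host allowlist.
# Function names and hostnames are hypothetical, constructed for illustration.

# Media types quoted in the thread's first post.
FLASH_TYPES = {
    "application/x-shockwave-flash",
    "application/vnd.adobe-flv-authoring",
    "application/x-flash-shared-object",
    "video/x-flv",
    "video/f4v",
}

# Leading bytes of SWF (uncompressed, zlib, LZMA) and FLV files.
# F4V and shared objects are matched by declared type only in this example.
FLASH_MAGIC = (b"FWS", b"CWS", b"ZWS", b"FLV\x01")


def declared_type(content_type):
    """Normalise a Content-Type header: drop parameters, lowercase."""
    return (content_type or "").split(";", 1)[0].strip().lower()


def is_flash(content_type, body_prefix):
    """True if the header declares Flash OR the body starts with a Flash signature."""
    if declared_type(content_type) in FLASH_TYPES:
        return True
    return body_prefix.startswith(FLASH_MAGIC)


def host_allowed(host, allowlist):
    """Exact match, or a subdomain of an allowlisted domain on a label boundary."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowlist)


def decide(host, content_type, body_prefix, allowlist):
    """Return 'allow' or 'block' for one response passing through the gateway."""
    if not is_flash(content_type, body_prefix):
        return "allow"
    return "allow" if host_allowed(host, allowlist) else "block"


# Constructed exception list: one business site approved for Flash.
ALLOWLIST = {"training.example.com"}
```

Matching the allowlist on a label boundary matters: a suffix check without the leading dot would let `eviltraining.example.com` through as if it were the approved site.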