Adobe Flash Player flaw previously patched, Symantec says

Security researchers said the threat is minimal, because attacks in the wild are targeting previous versions of Adobe's media player.

Attackers that set up thousands of malware laden Web pages to exploit an Adobe Flash Player flaw were targeting a previous version of the media player, according to researchers investigating the issue.

Thanks to Symantec for working very closely with us over the last two days to confirm that this is not a zero day issue, and to Mark Dowd and wushi for originally reporting this issue.
David Leno
Product Security Incident Response TeamAdobe

Security researchers issued a clarification about the flaw and lowered their warning after discovering that the flaw being targeted was patched by Adobe. The vulnerability is an Adobe Flash Player multimedia file remote buffer overflow vulnerability, according to Symantec which issued a clarification Wednesday. Symantec also lowered its ThreatCon rating, reducing its security posture to level 1, the lowest basic network posture.

The attacks affect Adobe Flash Player 9.0.115.0 and earlier, not the latest version 9.0.124.0, Symantec said.

Adobe issued a statement Wednesday via its Product Security Incident Response Team encouraging users to upgrade the media player to the latest version. Customers using multiple browsers should perform a check for each browser installed on their system and update if necessary, the Adobe security team said.

"Thanks to Symantec for working very closely with us over the last two days to confirm that this is not a zero-day issue, and to Mark Dowd and wushi for originally reporting this issue," said Adobe's David Leno in the Product Security Incident Response Team blog.

In April, Adobe issued an update to correct input validation errors when handling a Shockwave Flash (SWF) file that could lead to the potential execution of arbitrary code. The update introduced functionality to stop attackers from executing a DNS rebinding attack.

Resarchers from Symantec, McAfee and other vendors have been tracking a number of attacks which involved two Chinese sites known to be hosting exploits. Attackers are injecting malicious code into the sites using SQL-injection vulnerabilities to target a flaw in previous versions of the Adobe medial player. More than 200,000 Web pages are serving up a script redirecting users to malicious sites.

Dig deeper on Application Attacks (Buffer Overflows, Cross-Site Scripting)

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close