Attackers that set up thousands of malware laden Web pages to exploit an Adobe Flash Player flaw were targeting a previous version of the media player, according to researchers investigating the issue.
Security researchers issued a clarification about the flaw and lowered their warning after discovering that the flaw being targeted was patched by Adobe. The vulnerability is an Adobe Flash Player multimedia file remote buffer overflow vulnerability, according to Symantec which issued a clarification Wednesday. Symantec also lowered its ThreatCon rating, reducing its security posture to level 1, the lowest basic network posture.
The attacks affect Adobe Flash Player 220.127.116.11 and earlier, not the latest version 18.104.22.168, Symantec said.
Adobe issued a statement Wednesday via its Product Security Incident Response Team encouraging users to upgrade the media player to the latest version. Customers using multiple browsers should perform a check for each browser installed on their system and update if necessary, the Adobe security team said.
"Thanks to Symantec for working very closely with us over the last two days to confirm that this is not a zero-day issue, and to Mark Dowd and wushi for originally reporting this issue," said Adobe's David Leno in the Product Security Incident Response Team blog.
In April, Adobe issued an update to correct input validation errors when handling a Shockwave Flash (SWF) file that could lead to the potential execution of arbitrary code. The update introduced functionality to stop attackers from executing a DNS rebinding attack.
Resarchers from Symantec, McAfee and other vendors have been tracking a number of attacks which involved two Chinese sites known to be hosting exploits. Attackers are injecting malicious code into the sites using SQL-injection vulnerabilities to target a flaw in previous versions of the Adobe medial player. More than 200,000 Web pages are serving up a script redirecting users to malicious sites.