1 Reply Latest reply on Jun 1, 2008 11:29 PM by Grif

    Adobe Flash Player Flaw - Massive Exploitation reported

      Security sites are warning of increased dangers of malformed Shockwave Flash (SWF) objects. It is important to move to the latest version of Flash if prompted or manually update if you are not on version 9.0.124.

      Adobe test site which will show latest version (should be 9.0.124)
      http://kb.adobe.com/selfservice/viewContent.do?externalId=tn_15507

      How to manually update if needed (be sure to uncheck Google Toolbar)
      http://www.adobe.com/products/flashplayer/

      AVERT reports that recent sites affected by mass hacking attacks are being redirected to load malicious SWF files. These exploits are being programmed for specific versions of Flash to broaden the scope of attacks. Finally, please see last AVERT link (05/28), as they are researching a new variant that might possibly exploit Flash where it is fully up-to-date (e.g., 9.0.124).

      Adobe Flash Player Flaw - Massive Exploitation reported
      http://www.frsirt.com/english/

      QUOTE: Adobe Flash Player Flaw Massive Exploitation -- The Adobe Flash Player vulnerability which was disclosed this week by Symantec and believed to be unknown (zero-day) is a previously known issue that was patched with version 9.0.124.0. Multiple compromised web pages are currently exploiting this flaw and distributing malware.

      ADDITIONAL LINKS
      http://www.frsirt.com/english/advisories/2008/1158
      http://isc.sans.org/diary.html?storyid=4474
      http://secunia.com/advisories/30404/
      http://www.securityfocus.com/bid/29386
      http://www.avertlabs.com/research/blog/index.php/2008/05/27/flash-player-exploit -update/

      QUOTE: Here’s a quick update to the earlier post on a new unpatched Adobe Flash vulnerability. Through looking for sites serving these SWF exploits we’ve found a connection with recent mass hacks. Hacked sites reference an external script, just as they have for quite some time. But, the external scripts now reference an SWF file.

      New variants emerging - AVERT researching claims that currently patched systems may be vulnerable?
      http://www.avertlabs.com/research/blog/index.php/2008/05/28/flash-player-exploit -update-2/

      QUOTE: At first, this appeared to close the case, but there was a report of a patched version of Flash falling victim to one of these attacks, and we’ve seen an SWF file referencing a missing file named WIN 9,0,124,0i.swf, which also suggests that the latest version of Flash is the target of that file.
        • 1. Exploited bug doesn't exist in latest version of Flash
          This from CNET. (Be sure to get the newest version of Flash installed now.. Remove the old, install the new.):

          Old versions of Adobe Flash Player, perhaps the most widely used software in the world, contain known bugs that are being actively exploited online. If you are using any version of Flash Player, other than the latest, you should update to version 9.0.124.0 as soon as possible.

          Early reports from Symantec said the bug being exploited was a new one. Turns out this is not the case. On Thursday, Adobe said

          "Despite various reports that have been circulating, the Flash Player Standalone 9.0.124.0 and Linux Player 9.0.124.0 are NOT vulnerable to the exploits discussed in conjunction with the previously disclosed vulnerability Symantec posted on 5/27/08. Symantec originally believed this to be a zero-day, unpatched vulnerability, but as their latest update on their Threatcon page indicates, they have now confirmed this issue does not affect any versions of Flash Player 9.0.124.0."

          http://news.cnet.com/8301-13554_3-9955917-33.html?part=rss&subj=news&tag=2547-10 09_3-0-20

          Hope this helps.

          Grif