Adobe Flash Player Flaw - Massive Exploitation reported

Posted Thu, May 29 2008 17:13 by Harry Waldron

Security sites are warning of increased dangers of malformed Shockwave Flash (SWF) objects. I've read reports of possibly 250,000 web pages hosting this new exploit.    It is important to move to the latest version of Flash if prompted or manually update if you are not on version 9.0.124.

Adobe test site which will show latest version (should be 9.0.124)
http://kb.adobe.com/selfservice/viewContent.do?externalId=tn_15507

How to manually update if needed (be sure to uncheck Google Toolbar)
http://www.adobe.com/products/flashplayer/ 

AVERT reports that recent sites affected by mass hacking attacks are being redirected to load malicious SWF files. These exploits are being programmed for specific versions of Flash to broaden the scope of attacks.  Finally, please see last AVERT link (05/28), as they are researching a new variant that might possibly exploit Flash where it is fully up-to-date (e.g., 9.0.124).

Adobe Flash Player Flaw - Massive Exploitation reported
http://www.frsirt.com/english/

QUOTE: Adobe Flash Player Flaw Massive Exploitation -- The Adobe Flash Player vulnerability which was disclosed this week by Symantec and believed to be unknown (zero-day) is a previously known issue that was patched with version 9.0.124.0. Multiple compromised web pages are currently exploiting this flaw and distributing malware.

ADDITIONAL LINKS
http://www.frsirt.com/english/advisories/2008/1158
http://isc.sans.org/diary.html?storyid=4474 
http://secunia.com/advisories/30404/
http://www.securityfocus.com/bid/29386
http://www.avertlabs.com/research/blog/index.php/2008/05/27/flash-player-exploit-update/

QUOTE: Here’s a quick update to the earlier post on a new unpatched Adobe Flash vulnerability. Through looking for sites serving these SWF exploits we’ve found a connection with recent mass hacks. Hacked sites reference an external script, just as they have for quite some time. But, the external scripts now reference an SWF file.

New variants emerging - AVERT researching claims that currently patched systems may be vulnerable?
http://www.avertlabs.com/research/blog/index.php/2008/05/28/flash-player-exploit-update-2/ 

QUOTE: At first, this appeared to close the case, but there was a report of a patched version of Flash falling victim to one of these attacks, and we’ve seen an SWF file referencing a missing file named WIN 9,0,124,0i.swf, which also suggests that the latest version of Flash is the target of that file.

Comments

# Adobe Flash - How to disable and enable in IE 7 or IE 8

Friday, May 30, 2008 3:46 PM by Harry Waldron - My IT Forums Blog

During April, a hacking contest took place where Vista's security was compromised through Flash,

# Adobe Flash - How to disable and enable in IE 7 or IE 8

Friday, May 30, 2008 3:47 PM by Harry Waldron - Microsoft MVP Blog

During April, a hacking contest took place where Vista's security was compromised through Flash,

# Update your Flash!

Monday, June 02, 2008 2:58 AM by MVP Jubo Security Blog

Because of an Adobe Flash Player issue you need to update this software to the latest version, which

# adobe flashplayer

Tuesday, June 10, 2008 7:04 PM by adobe flashplayer

Pingback from  adobe flashplayer

# adobe flashplayer update

Tuesday, June 10, 2008 7:05 PM by adobe flashplayer update

Pingback from  adobe flashplayer update

# Adobe Fuse and Flash Dangers - Malicious Web Advertising

Tuesday, August 19, 2008 8:38 AM by Harry Waldron - Microsoft MVP Blog

This recent Sunbelt posting shares how malware writers are currently using these products to create malicious

# Adobe Fuse and Flash Dangers - Malicious Web Advertising

Tuesday, August 19, 2008 8:48 AM by Harry Waldron - My IT Forums Blog

This recent Sunbelt posting shares how malware writers are currently using these products to create malicious