May 23, 2012, 12:01:05 AM
Xtreme Stylez > Support and Tutorials > Security Center > Adobe Flash Flaw Exploited in Web Sites, Researcher Warns
Pages: [1]   Go Down
« previous next »
  Send this topic  |  Print  
Share this topic on FacebookShare this topic on DiggShare this topic on RedditShare this topic on StumbleUponShare this topic on Twitter Topic: Adobe Flash Flaw Exploited in Web Sites, Researcher Warns  (Read 781 times)
0 Members and 2 Guests are viewing this topic.
B.SkiLLs
Xtreme Administrator
Resident Badass
*****

Reputation: +56/-0
Offline Offline

Posts: 2365



View Profile WWW
« on: July 25, 2009, 11:17:12 PM »
Adobe Flash Flaw Exploited in Web Sites, Researcher Warns

Ellen Messmer, Network World
Jul 25, 2009 3:55 pm

Source:
http://www.pcworld.com/article/169058/adobe_flash_flaw_exploited_in_web_sites_researcher_says.html?tk=rss_news


A vulnerability that Adobe has confirmed to exist in a number of its Reader, Flash Player, and Acrobat products is being exploited through malicious Flash code in Web pages, according to one researcher.

[As reported previously, the vulnerability is also being exploited via a malicious PDF file attack that can potentially crash Windows, Macintosh, and Linux operating systems and according to Adobe, "potentially allow an attacker to take control of the affected system."]

Artwork: Chip Taylor
However, there is also another way the Adobe Flash vulnerability is being exploited, according to Paul Royal, principal researcher at Purewire, says the Adobe Flash vulnerability is being exploited through Web pages with the Flash exploit embedded in them as multimedia.

Royal described this form of attack as including "a Flash movie of one-frame length. This malicious Flash file is being embedded in Web pages, sometimes of legitimate Web sites that are compromised."Purewire's research indicates this malicious Flash movie file is just different enough from the PDF file exploit that it isn't being detected by many anti-malware software packages yet.

But Royal adds that just last week more anti-malware vendors have worked to update their software to detect the malicious PDF file exploit, generally sent as an e-mail spam attachment. The malicious PDF file appears to be used mostly in targeted attacks against specific corporations.

In its advisory, which is being updated as needed, Adobe states "A critical vulnerability exists in the current versions of Flash Player (v9.0159.0 and v.10.022.87) for Windows, Macintosh and Linux operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat v.9x for Windows, Macintosh and Unix operating systems. This vulnerability could cause a crash and potentially allow an attacker to take control of the affected system."

Adobe, which says it is in contact with several antivirus and security firms concerning the Flash vulnerability, states it intends to provides fixes for most of the affected products by the end of the month.

The underlying vulnerability has been known to exist as a "bug" since December, but probably first began to be "weaponized" around July 9, says Royal. Flash exploits could have started prior to that, he adds.
Logged



Pages: [1]   Go Up
  Send this topic  |  Print  
« previous next »
 
Jump to: