iTWire - [UPDATE]Adobe Flash Player exploit unpatched and in the wild

IT&T JOBS|Discussion forum|Technology Events|IT Education|

Today on iTWire IT News Telecommunications People Our Blogs Tech Lifestyle Releases Science Sustainability MyProfile Whitepapers

Daily ICT Newsletter FREE TRIAL

Follow the Australian Telecommunications scene NEWSLETTER- FREE TRIAL

Technology news and Jobs

Information Technology News

[UPDATE]Adobe Flash Player exploit unpatched and in the wild

[UPDATE]Adobe Flash Player exploit unpatched and in the wild

E-mail

by Mike Bantick
Wednesday, 28 May 2008
A Zero-day exploit has been identified that redirects the Adobe Flash Player to malware infected servers. The threat is expanding. Featured Whitepaper 5 Best Practices for Smartphone Support Investigations are continuing around a known Zero-Day exploit of Adobe Flash Player versions 9.0.124.0 and older. According to a Security Focus advisory recently released; “Adobe Flash Player is prone to an unspecified remote code-execution vulnerability. An attacker may exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions. Adobe Flash Player 9.0.115.0 and 9.0.124.0 are vulnerable; other versions may also be affected.” The exploit consists of redirection scripts posted in infected websites. The script does a quick check of the version of Flash Player installed, based on the result it then runs an associated .SWF file (shockwave) to take control of the users computer A further announcement from Security Focus expands on the threat indicating that though the exploit was firstly discovered in a couple of Chinese language websites, it looks to be spreading. According to Security Focus; “Continued investigation reveals that this issue is fairly widespread. Malicious code is being injected into other third-party domains (approximately 20,000 web pages), most likely through SQL-injection attacks. The code then redirects users to sites hosting malicious Flash files exploiting this issue.” Adobe have briefly acknowledged the issue. In direct response to this issue Symantec have raised their ThreatCon indicator to 2 (medium: increased alertness). An indication that malicious code threats have reached a moderate risk level. Network administrators should be aware of the issue and be prepared to block ip addresses in firewalls and proxy servers as they come to hand. [UPDATE] ThreatCon has been lowered to level 1 and version 9.0.124.0 of Adobe Flash Player has been identified as rectifying this issue. Tags See All Tags Adobe Cybercrime Flash Malware Mike Bantick Security Powered By Joomla Tags Please enable JavaScript in your browser to post your comment!

< Next story in category		Previous story in the category >

Sponsored Releases

NETSUITE ANNOUNCES Q3 09 RESULTS

AVG (AU/NZ) Wins Computer Troubleshooters Vendor of the Year Award for the Second Year

Mobile & Wireless VoIP on the Apple iPhone

AVG (AU/NZ) Growing Fast in an Economy Looking for Security

...Promote your press-releases here

Latest jobs

	Visitors last 30 days	694,279
	Subscribers	15,210

#1 independent technology news advertise here

- Advertisement -

Featured Whitepapers

	5 Best Practices for Smartphone Support Worldwide shipments of smartphones reached a high of nearly 40 million units in the third quarter of 2008, helping to grow the category by 28% from the same quarter last year.
	Legacy Tools: Not For Today’s Helpdesk Why applications like RDP, VPNs and VNC may be costing you time, money and end-user satisfaction.

Business & IT Transformation Roles

Systems Analysts	Business Process Analysts
Test Analysts	Business Analysts
Business Readiness Analysts

Project C

stats for wordpress

Today on iTWire

Follow iTWire on Twitter

About iTWire

iTWire is all about technology news, information, jobs and community for the IT and telecommunications industry professional. Subscribe to our free ICT daily newsletter

website free tracking