Adobe Flash zero-day exploit in the wild

Summary:[ See important update to this story here ]Malware hunters have spotted a previously unknown -- and unpatched -- Adobe Flash vulnerability being exploited in the wild.The zero-day flaw has been added to the Chinese version of the MPack exploit kit and there are signs that the exploits are being injected into third-party sites to redirect targets to malware-laden servers.

Adobe Flash zero-day exploit in the wild
[ See important update to this story here ]

Malware hunters have spotted a previously unknown -- and unpatched -- Adobe Flash vulnerability being exploited in the wild.

The zero-day flaw has been added to the Chinese version of the MPack exploit kit and there are signs that the exploits are being injected into third-party sites to redirect targets to malware-laden servers.

Technical details on the vulnerability are not yet available.  Adobe's product security incident response team is investigating.

This SecurityFocus advisory warns:

Adobe Flash Player is prone to an unspecified remote code-execution vulnerability.

An attacker may exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

Adobe Flash Player 9.0.115.0 and 9.0.124.0 are vulnerable; other versions may also be affected.

I've independently verified that redirection scripts have been posted on at least two Chinese-language Web sites to launch drive-by downloads of malware.   When the exploit fires, it checks the Flash version on the vulnerable computer and, depending on the result, it uses a different .SWF (shockwave) file to take complete control of the machine.

This threat should be considered very serious because of the widespread distribution that Adobe Flash enjoys on the Windows ecosystem.  If this exploit gets seeded on high-traffic Web sites, we could be in for a long clean-up operation.

More from the SANS ISC diary.

[ UPDATE: Continued investigation reveals this issue is fairly widespread. Malicious code is being injected into other third-party domains (approximately 20,000 web pages) most likely through SQL-injection attacks. The code then redirects users to sites hosting malicious Flash files exploiting this issue.]

Topics: Enterprise Software, Security

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.