20,000 Web pages help exploit 'patched' Flash flaw

A possible zero-day exploit has been discovered for a flaw in Flash thought to have been patched by Adobe a month ago.
Written by Liam Tung, Contributing Writer

Symantec researchers claim the exploit has several different payloads, including one to steal passwords from systems with the vulnerable software. Affected versions of Adobe Flash Player include 9.0.124.0 (latest version) and 9.0.115.0.

Around 20,000 legitimate Web pages have been manipulated, likely via SQL-injection vulnerabilities, to redirect browsers to domains in China which host the exploit, according to Vincent Weafer, senior director of development for Symantec's Security Response team.

The buffer overflow flaw being exploited occurs when processing Shockwave Flash (SWF) files and was meant to be resolved by a patch Adobe issued in April, according to Symantec. However, there's still some uncertainty as to whether the exploit discovered today uses exactly the same flaw patched last month.

"We believe this is very similar to a previous reported vulnerability that was tracked down by IBM. However, the exploit we found in the wild is successful against the latest release of Adobe Flash, so we believe it's a variation of that vulnerability," Weafer said.

Last month, IBM security researcher Mark Dowd released a research note predicting a rise in use of Flash flaws to exploit computer systems.

"The reason we put out the research is to draw attention to how serious these types of vulnerabilities can be," Dowd told ZDNet.com.au at the time.

Adobe says it is investigating the "potential SWF vulnerability"; however, the company has not yet released further information.

Novologica security consultant Nishad Herath said it doesn't matter whether Adobe confirms the exploit is a zero-day.

"It exploits the latest version so it doesn't matter too much whether they call it a variant of an old flaw that wasn't patched properly. It makes little difference," Herath told ZDNet.com.au.

Symantec's Weafer said consumers and businesses should disable JavaScript, ensure that Data Execution Prevention is enabled in Windows and block access to malicious IP addresses. He added that most antivirus and intrusion prevention systems will detect the malware.
