More information on recent Flash Player exploit


Here’s some more information about the recent reports of Flash Player exploits in the wild that may help answer some of the questions we’ve been seeing:

- This is not a zero-day exploit. Despite various reports that have been circulating, the Flash Player Standalone 9.0.124.0 and Linux Player 9.0.124.0 are NOT vulnerable to the exploits discussed in conjunction with the previously disclosed vulnerability Symantec posted on 5/27/08. Symantec originally believed this to be a zero-day, unpatched vulnerability, but as their latest update on their Threatcon page indicates, they have now confirmed this issue does not affect any versions of Flash Player 9.0.124.0.

- Although the original vulnerability, disclosed last month in Security Bulletin APSB08-11, affects all platforms (Mac, Windows, and Linux), all of the exploits we’ve seen so far target Windows users.

- The ‘campaign’ included SQL injection attacks and apparently took advantage of various other (non-Flash Player) vulnerabilities to redirect users from legitimate sites to malicious domains serving the exploit SWFs.

- Symantec and other major antivirus vendors have added detections for the exploits seen so far.

- The recent Flash Player 10 beta is also not vulnerable to this exploit.

Finally, at the risk of sounding repetitive, in order to make sure users are not vulnerable to these exploits, we strongly encourage users to download and install the latest Flash Player update, 9.0.124.0. No uninstall is necessary; just install the latest Flash Player. Customers using multiple browsers should perform the update for each browser installed on their system.



About this Entry

This page contains a single entry by David Lenoe published on May 29, 2008 4:28 PM.
