Potential Flash Player issue - update
Here’s an update on our progress investigating the recent reports of a potential Flash Player exploit in the wild. The exploit appears to be taking advantage of a known vulnerability, reported by Mark Dowd of the ISS X-Force and wushi of team509, that was resolved in Flash Player 9.0.124.0 (CVE-2007-0071). This exploit does NOT appear to include a new, unpatched vulnerability as has been reported elsewhere – customers with Flash Player 9.0.124.0 should not be vulnerable to this exploit. We’re still looking into the exploit files, and will update everyone with further information as we get it, but for now, we strongly encourage everyone to download and install the latest Flash Player update, 9.0.124.0.
UPDATE: We've just gotten confirmation from Symantec that all versions of Flash Player 9.0.124.0 are not vulnerable to these exploits. Again, we strongly encourage everyone to download and install the latest Flash Player update, 9.0.124.0. To verify the Adobe Flash Player version number, access the About Flash Player page, or right-click on Flash content and select “About Adobe (or Macromedia) Flash Player” from the menu. Customers using multiple browsers are advised to perform the check for each browser installed on their system and update if necessary.
Thanks to Symantec for working very closely with us over the last 2 days to confirm that this is not a zero-day issue, and to Mark Dowd and wushi for originally reporting this issue.
This posting is provided “AS IS” with no warranties and confers no rights.
Comments
Is this exploit on all OSs or just Windows? I can't seem to find that information anywhere.
Posted by: rob | May 28, 2008 02:50 PM
Does this affect other OSes as well, like GNU/Linux, Mac OS X, etc.?
Posted by: Frinder | May 29, 2008 01:07 AM
Is an uninstall of previous FLASH versions necessary? Or is just installing the new version enough?
Posted by: TJX | May 29, 2008 01:56 PM
It is not a matter of OS. Flash programs or videos are run through your web browser and thereby the internet. Flash runs on multiple platforms. Regardless of OS we have advised all of our clients to download ver. 9.0.124.0. It is rather simple to download and install, you do not need to remove previous versions.
Posted by: John | May 30, 2008 12:46 PM
This is a vulnerability in the Flash plugin installed on your computer, and is not operating system specific. If you can play Flash content on your computer, you are open to the exploit.
Someone on IRC got keylogged by the exploit this afternoon, and when he logged into World of Warcraft all his stuff was gone.
Everyone should update to 9.0.124.0, regardless of your operating system.
Be safe, be smart. Update.
Matt
Posted by: Matt Riggins | May 30, 2008 08:34 PM
The exploits we have been seeing have been targeting Windows machines. If you look at the packet captures off an IDS/IPS device, it is mainly Windows XP-type executables getting pushed through.
Posted by: MSS-Security | May 30, 2008 11:18 PM