Potential Flash Player issue – update

Here’s an update on our progress investigating the recent reports of a potential Flash Player exploit in the wild. The exploit appears to be taking advantage of a known vulnerability, reported by Mark Dowd of the ISS X-Force and wushi of team509, that was resolved in Flash Player 9.0.124.0 (CVE-2007-0071). This exploit does NOT appear to include a new, unpatched vulnerability as has been reported elsewhere – customers with Flash Player 9.0.124.0 should not be vulnerable to this exploit. We’re still looking into the exploit files, and will update everyone with further information as we get it, but for now, we strongly encourage everyone to download and install the latest Flash Player update, 9.0.124.0.
UPDATE: We’ve just gotten confirmation from Symantec that all versions of Flash Player 9.0.124.0 are not vulnerable to these exploits. Again, we strongly encourage everyone to download and install the latest Flash Player update, 9.0.124.0. To verify the Adobe Flash Player version number, access the About Flash Player page, or right-click on Flash content and select “About Adobe (or Macromedia) Flash Player” from the menu. Customers using multiple browsers are advised to perform the check for each browser installed on their system and update if necessary.
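As an added example (not from the original post), here is a small Python check for the per-browser verification described above: it compares each browser's reported Flash Player version with 9.0.124.0 numerically, because comparing the strings directly would rank 9.0.45.0 above 9.0.124.0. The browser names and version strings in the inventory are constructed sample data.

```python
# Added example: check a per-browser inventory of reported Flash Player
# versions against the fixed release named in the advisory (9.0.124.0).
# The browser names and version strings below are constructed sample data.

FIXED_VERSION = "9.0.124.0"  # release that resolved CVE-2007-0071 (from the advisory)


def parse_version(text):
    """Turn '9.0.124.0' into (9, 0, 124, 0). Comparing the raw strings
    would rank '9.0.45.0' above '9.0.124.0' because '4' > '1'."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


def is_patched(version, fixed=FIXED_VERSION):
    """True when the reported version is at least the fixed release.
    Shorter strings are padded with zeros so that '9.0.124' equals '9.0.124.0'."""
    a, b = parse_version(version), parse_version(fixed)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a >= b


def browsers_needing_update(inventory, fixed=FIXED_VERSION):
    """Return the browsers whose reported Flash Player is below the fixed release.
    Each browser carries its own plugin copy, so each one is checked separately."""
    return sorted(name for name, ver in inventory.items() if not is_patched(ver, fixed))


# Constructed sample inventory: what the About page reported in each browser.
SAMPLE_INVENTORY = {
    "Internet Explorer": "9.0.115.0",
    "Firefox": "9.0.124.0",
    "Opera": "9.0.45.0",
}

if __name__ == "__main__":
    for name in browsers_needing_update(SAMPLE_INVENTORY):
        print(f"{name}: Flash Player {SAMPLE_INVENTORY[name]} is older than {FIXED_VERSION}, update it")
```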
Thanks to Symantec for working very closely with us over the last 2 days to confirm that this is not a zero-day issue, and to Mark Dowd and wushi for originally reporting this issue.
This posting is provided “AS IS” with no warranties and confers no rights

6 Responses to Potential Flash Player issue – update

  1. rob says:

    Is this exploit on all OSs or just Windows? I can’t seem to find that information anywhere.

  2. Frinder says:

    Does this affect other OSes as well, like GNU/Linux, Mac OS X, etc.?

  3. TJX says:

    Is an uninstall of previous Flash versions necessary? Or is just installing the new version enough?

  4. John says:

    It is not a matter of OS. Flash programs or videos are run through your web browser and thereby the internet. Flash runs on multiple platforms. Regardless of OS, we have advised all of our clients to download ver. 9.0.124.0. It is rather simple to download and install; you do not need to remove previous versions.

  5. Matt Riggins says:

    This is a vulnerability in the Flash plugin installed on your computer, and is not operating system specific. If you can play Flash content on your computer, you are open to the exploit.
    Someone on IRC got keylogged by the exploit this afternoon, and when he logged into World of Warcraft all his stuff was gone.
    Everyone should update to 9.0.124.0, regardless of your operating system.
    Be safe, be smart. Update.
    Matt

  6. MSS-Security says:

    The exploits we have been seeing have been targeting Windows machines. If you look at the packet captures off an IDS/IPS device, it is mainly Windows XP-type executables getting pushed through.