Exploits target new Adobe Flash bug

Updated Tuesday, May 27 at 4:42 p.m. EST.

Symantec on Tuesday revealed that the latest version of the Adobe Flash Player contains an unpatched vulnerability that is being actively exploited.

Oliver Friedrichs, director of Symantec Security Response, told SCMagazineUS.com on Tuesday that some 20,000 web pages were compromised via SQL injection to redirect visitors to one of three China-based domains serving up exploit code.

The threat is new, so researchers have not yet been able to determine how victims are arriving at the redirects or what the payload entails, Friedrichs said. But it appears that once they reach one of the infected web pages, no user interaction is required for exploitation.

"It's as bad as you can get," he said of the drive-by-download technique.

According to the SANS Internet Storm Center, which broke news of the incident, the vulnerability affects version 9.0.124.0 and earlier installments.

An Adobe representative said the company was investigating.

"We are aware of today's report of a Flash Player exploit in the wild," Sandy Lo, an Adobe spokeswoman, told SCMagazineUS.com in an email. "We are working with Symantec to investigate the potential SWF [the Flash file format] vulnerability and will have an update once we get more information."

Friedrichs said Flash Player is a built-in component of most web browsers.

"It's (Flash) really inherent to many websites today," he said.

In lieu of a fix, corporate IT administrators should consider disabling Flash by setting the kill-bit on the application, or uninstalling Flash, Friedrichs said. In addition, users should be discouraged from visiting untrusted sites.

Turning off Flash will make the web a less desirable place to visit (for example, users will be unable to view YouTube videos), but it will make it more secure, he said.

"Do you want to become infected or do you want to protect your environment?" Friedrichs said.

Last month, Adobe issued a new version of Flash to close seven vulnerabilities that, if exploited, could have permitted cross-site scripting attacks or system takeover.