Posted by Ryan Naraine
Adobe has finally issued an almost-definitive statement on the reports of a zero-day attack targeting its flagship Flash Player, suggesting (kinda) that the vulnerability is already patched.
In a progress report posted to the official Adobe PSIRT blog, David Lenoe stops short of making definitive statements on the actual vulnerability, using phrases like “appears to be” and “should not be vulnerable” but it’s clear that Adobe believes these attacks are tied to an issue that was patched with Flash Player 9.0.124.0.
From Lenoe’s update:
The exploit appears to be taking advantage of a known vulnerability, reported by Mark Dowd of the ISS X-Force and wushi of team509, that was resolved in Flash Player 9.0.124.0 (CVE-2007-0071). This exploit does NOT appear to include a new, unpatched vulnerability as has been reported elsewhere – customers with Flash Player 9.0.124.0 should not be vulnerable to this exploit. We’re still looking in to the exploit files, and will update everyone with further information as we get it, but for now, we strongly encourage everyone to download and install the latest Flash Player update, 9.0.124.0.
Adobe Flash drive-by attacks redux
الأوسمة: Adobe Systems Inc., Adware & Malware, Attack, Cyberthreats, Macromedia Flash Player, Malware, Malware Attack, Security, Spyware, Viruses And Worms, Vulnerability
مايو 29, 2008 عند 10:19 ص |
[…] Adobe Flash drive-by attacks redux […]