Adobe Flash drive-by attacks redux

Posted by Ryan Naraine

Adobe Flash drive-by attacks reduxAdobe has finally issued an almost-definitive statement on the reports of a zero-day attack targeting its flagship Flash Player, suggesting (kinda) that the vulnerability is already patched.

In a progress report posted to the official Adobe PSIRT blog, David Lenoe stops short of making definitive statements on the actual vulnerability, using phrases like “appears to be” and “should not be vulnerable” but it’s clear that Adobe believes these attacks are tied to an issue that was patched with Flash Player 9.0.124.0.

From Lenoe’s update:

The exploit appears to be taking advantage of a known vulnerability, reported by Mark Dowd of the ISS X-Force and wushi of team509, that was resolved in Flash Player 9.0.124.0 (CVE-2007-0071). This exploit does NOT appear to include a new, unpatched vulnerability as has been reported elsewhere – customers with Flash Player 9.0.124.0 should not be vulnerable to this exploit. We’re still looking in to the exploit files, and will update everyone with further information as we get it, but for now, we strongly encourage everyone to download and install the latest Flash Player update, 9.0.124.0.

 Adobe Flash drive-by attacks redux

الأوسمة: , , , , , , , , , ,

رد واحد to “Adobe Flash drive-by attacks redux”

  1. YINZEI ADULT BLOG » Blog Archive » TODAY Trends: adobe flash, May 29, 2008 Says:

    […] Adobe Flash drive-by attacks redux […]

أضف تعليقاً

Please log in using one of these methods to post your comment:

WordPress.com Logo

أنت تعلق بإستخدام حساب WordPress.com. تسجيل خروج   / تغيير )

صورة تويتر

أنت تعلق بإستخدام حساب Twitter. تسجيل خروج   / تغيير )

Facebook photo

أنت تعلق بإستخدام حساب Facebook. تسجيل خروج   / تغيير )

Google+ photo

أنت تعلق بإستخدام حساب Google+. تسجيل خروج   / تغيير )

Connecting to %s


%d مدونون معجبون بهذه: