Adobe Flash Flaw Targeted by Attack Code
Bad news: security researchers uncovered a new vulnerability in the latest version of Adobe Flash. Worse news: they also discovered attack code that's aimed exactly at exploiting that flaw.
May 28, 2008
According to security company Symantec, 20,000 web pages have already been found to feature links leading users to a site hosting malicious Flash applets specially made to exploit the flaw. The company thinks that the numbers are likely to grow and considers that the recent link spree is the result of SQL injections, e method that's proved to be very popular lately.
Symantec stated that successful exploit of the flaw will enable the attacker to execute arbitrary code on the machine.
Adobe had little to say for the time being. The company reported that it was working with Symantec in clearing up the issue:
“Just a quick note to say we are aware of today’s report of a potential exploit involving Flash Player in the wild. We are working with Symantec to investigate the potential SWF vulnerability, and will have an update once we get more information.”