![]() QUOTE: At first, this appeared to close the case, but there was a report of a patched version of Flash falling victim to one of these attacks, and we’ve seen an SWF file referencing a missing file named WIN 9,0,124,0i.swf, which also suggests that the latest version of Flash is the target of that file. New variants emerging - AVERT researching claims that currently patched systems may be vulnerable? ![]() But, the external scripts now reference an SWF file. ![]() Hacked sites reference an external script, just as they have for quite some time. Through looking for sites serving these SWF exploits we’ve found a connection with recent mass hacks. QUOTE: Here’s a quick update to the earlier post on a new unpatched Adobe Flash vulnerability. Multiple compromised web pages are currently exploiting this flaw and distributing malware. ![]() QUOTE: Adobe Flash Player Flaw Massive Exploitation - The Adobe Flash Player vulnerability which was disclosed this week by Symantec and believed to be unknown (zero-day) is a previously known issue that was patched with version 9.0.124.0. Finally, please see last AVERT link (05/28), as they are researching a new variant that might possibly exploit Flash where it is fully up-to-date (e.g., 9.0.124).Īdobe Flash Player Flaw - Massive Exploitation reported ![]() These exploits are being programmed for specific versions of Flash to broaden the scope of attacks. How to manually update if needed (be sure to uncheck Google Toolbar)ĪVERT reports that recent sites affected by mass hacking attacks are being redirected to load malicious SWF files. It is important to move to the latest version of Flash if prompted or manually update if you are not on version 9.0.124.Īdobe test site which will show latest version (should be 9.0.124) Security sites are warning of increased dangers of malformed Shockwave Flash (SWF) objects. ![]()
0 Comments
Leave a Reply. |