Adobe Patches Latest Flash Zero Day Vulnerability


There’s been a lot of news about this Adobe Flash Player vulnerability as apparently it has been exploited in the wild and Adobe were willing to push out an out-of-band patch for it – which means in their eyes it is really serious.

They don’t have a great reputation for testing their software before releasing (the latest 10.2.x versions seem to be causing a LOT of problems on Firefox), so we’ll just have to hope it’s a good patch. They promised the patch for another deadly 0-day back in March, roughly about a month ago.

At least it’s patched now and I truly hope that the latest version also stabilises Flash Player for Firefox.

Adobe today patched a critical vulnerability in Flash Player that the company said criminals were already exploiting with malicious Microsoft Word and Excel documents. On Monday, Adobe acknowledged the bug , said exploits were circulating, and promised to fix the flaw with an emergency update.

Today’s update was Adobe’s second rush patch in less than four weeks. The new version, Flash Player 10.2.159.1, is available for Windows, Mac, Linux and Solaris. Missing from that list is Android, the Google mobile operating system that also runs Flash. A fix for the same flaw will be issued to Android users no later than the week of April 25, said Adobe.

Adobe will patch the popular PDF viewer Adobe Reader that same week. The Flash vulnerability also exists in Reader and the more advanced Acrobat because both include code that renders Flash content embedded in PDF files. Although initial attacks were launched using malicious Word attachments, hackers later expanded the campaign to include malformed Excel files, according to Mila Parkour, the independent security researcher who reported the Flash flaw to Adobe.

Parkour, who has been tracking the attacks for more than a week, has published information about them on her Contagio Malware Dump blog.

There’s no patch yet for the Android version of Flash, but Adobe has promised it will be pushed out by April 25th (next Monday). Incidentally they will also be patching PDF Viewer and Adobe Reader next week as they both render Flash and are also vulnerable to this exploit.

So Flash content embedded in PDF files is a viable vector for infection using this vulnerability, in the wild both Word and Excel files were being used (with embedded Flash files) to exploit the vulnerability.


Some of the earliest messages in the attack tried to get recipients to open the attached Word or Excel files by claiming they offered information on China’s antitrust laws, or a purported Japanese nuclear weapons program. Later messages were more mundane, and posed as corporate reorganization plans or new company contact lists.

Parkour also traced the resulting malware’s “phone-home” communications to a server registered in China, and noted that some of the malicious Word and Excel documents had been originally crafted in Chinese.

Google updated its Chrome browser — which includes a copy of Flash Player — Thursday, fixing not only the Adobe bug but a trio of critical vulnerabilities in the browser’s hardware acceleration technology. Like Internet Explorer and Firefox, Chrome taps the computer’s graphics processor (GPU) to handle some page composition and rendering tasks.

Google usually tags as “critical” only those bugs that attackers could use to escape the browser’s “sandbox,” an anti-exploit technology designed to prevent malicious code from escaping the browser.

Users running other browsers can download the patched version of Flash Player from Adobe’s site.

Google also updated Chrome recently with this Flash Player update and 3 other critical vulnerabilities related to the hardware acceleration in the browser.

I wonder how long it will be until the next critical 0-day vulnerability in Adobe Flash Player is exposed? Perhaps we’ll see another one in May.

And don’t forget to follow us on Twitter @THEdarknet to keep up with other interesting stories as they break.

Source: Network World

Posted in: Exploits/Vulnerabilities, Hacking News

, , , , , , , , ,


Latest Posts:


Sooty - SOC Analyst All-In-One CLI Tool Sooty – SOC Analyst All-In-One CLI Tool
Sooty is a tool developed with the task of aiding a SOC analyst to automate parts of their workflow and speed up their process.
UBoat - Proof Of Concept PoC HTTP Botnet Project UBoat – Proof Of Concept PoC HTTP Botnet Project
UBoat is a PoC HTTP Botnet designed to replicate a full weaponised commercial botnet like the famous large scale infectors Festi, Grum, Zeus and SpyEye.
LambdaGuard - AWS Lambda Serverless Security Scanner LambdaGuard – AWS Lambda Serverless Security Scanner
LambdaGuard is a tool which allows you to visualise and audit the security of your serverless assets, an open-source AWS Lambda Serverless Security Scanner.
exe2powershell - Convert EXE to BAT Files exe2powershell – Convert EXE to BAT Files
exe2powershell is used to convert EXE to BAT files, the previously well known tool for this was exe2bat, this is a version for modern Windows.
HiddenWall - Create Hidden Kernel Modules HiddenWall – Create Hidden Kernel Modules
HiddenWall is a Linux kernel module generator used to create hidden kernel modules to protect your server from attackers.
Anteater - CI/CD Security Gate Check Framework Anteater – CI/CD Security Gate Check Framework
Anteater is a CI/CD Security Gate Check Framework to prevent the unwanted merging of filenames, binaries, deprecated functions, staging variables and more.


3 Responses to Adobe Patches Latest Flash Zero Day Vulnerability

  1. droope April 18, 2011 at 5:48 pm #

    I think this is the vuln they used to hack RSA

  2. DeborahS April 19, 2011 at 7:33 am #

    That’s my understanding too. At least I know that the RSA breach started with a spear-phishing attack to 2 RSA employees, in which an Excel email attachment exploited a Flash hole, and very shortly after Adobe issued this patch. Seems reasonable to figure that the rushed patch was in response to the uproar about the RSA breach. Closing the barn door after the horse got out, anyone?

  3. Scott April 22, 2011 at 12:23 am #

    There is no need to run adobe anymore there is freeware alternatives now