Adobe Patches Latest Flash Zero Day Vulnerability


There’s been a lot of news about this Adobe Flash Player vulnerability as apparently it has been exploited in the wild and Adobe were willing to push out an out-of-band patch for it – which means in their eyes it is really serious.

They don’t have a great reputation for testing their software before releasing (the latest 10.2.x versions seem to be causing a LOT of problems on Firefox), so we’ll just have to hope it’s a good patch. They promised the patch for another deadly 0-day back in March, roughly about a month ago.

At least it’s patched now and I truly hope that the latest version also stabilises Flash Player for Firefox.

Adobe today patched a critical vulnerability in Flash Player that the company said criminals were already exploiting with malicious Microsoft Word and Excel documents. On Monday, Adobe acknowledged the bug , said exploits were circulating, and promised to fix the flaw with an emergency update.

Today’s update was Adobe’s second rush patch in less than four weeks. The new version, Flash Player 10.2.159.1, is available for Windows, Mac, Linux and Solaris. Missing from that list is Android, the Google mobile operating system that also runs Flash. A fix for the same flaw will be issued to Android users no later than the week of April 25, said Adobe.

Adobe will patch the popular PDF viewer Adobe Reader that same week. The Flash vulnerability also exists in Reader and the more advanced Acrobat because both include code that renders Flash content embedded in PDF files. Although initial attacks were launched using malicious Word attachments, hackers later expanded the campaign to include malformed Excel files, according to Mila Parkour, the independent security researcher who reported the Flash flaw to Adobe.

Parkour, who has been tracking the attacks for more than a week, has published information about them on her Contagio Malware Dump blog.

There’s no patch yet for the Android version of Flash, but Adobe has promised it will be pushed out by April 25th (next Monday). Incidentally they will also be patching PDF Viewer and Adobe Reader next week as they both render Flash and are also vulnerable to this exploit.

So Flash content embedded in PDF files is a viable vector for infection using this vulnerability, in the wild both Word and Excel files were being used (with embedded Flash files) to exploit the vulnerability.


Some of the earliest messages in the attack tried to get recipients to open the attached Word or Excel files by claiming they offered information on China’s antitrust laws, or a purported Japanese nuclear weapons program. Later messages were more mundane, and posed as corporate reorganization plans or new company contact lists.

Parkour also traced the resulting malware’s “phone-home” communications to a server registered in China, and noted that some of the malicious Word and Excel documents had been originally crafted in Chinese.

Google updated its Chrome browser — which includes a copy of Flash Player — Thursday, fixing not only the Adobe bug but a trio of critical vulnerabilities in the browser’s hardware acceleration technology. Like Internet Explorer and Firefox, Chrome taps the computer’s graphics processor (GPU) to handle some page composition and rendering tasks.

Google usually tags as “critical” only those bugs that attackers could use to escape the browser’s “sandbox,” an anti-exploit technology designed to prevent malicious code from escaping the browser.

Users running other browsers can download the patched version of Flash Player from Adobe’s site.

Google also updated Chrome recently with this Flash Player update and 3 other critical vulnerabilities related to the hardware acceleration in the browser.

I wonder how long it will be until the next critical 0-day vulnerability in Adobe Flash Player is exposed? Perhaps we’ll see another one in May.

And don’t forget to follow us on Twitter @THEdarknet to keep up with other interesting stories as they break.

Source: Network World

Posted in: Exploits/Vulnerabilities, Hacking News

, , , , , , , , ,


Latest Posts:


ZigDiggity - ZigBee Hacking Toolkit ZigDiggity – ZigBee Hacking Toolkit
ZigDiggity a ZigBee Hacking Toolkit is a Python-based IoT (Internet of Things) penetration testing framework targeting the ZigBee smart home protocol.
RandIP - Network Mapper To Find Servers RandIP – Network Mapper To Find Servers
RandIP is a nim-based network mapper application that generates random IP addresses and uses sockets to test whether the connection is valid or not with additional tests for Telnet and SSH.
Nipe - Make Tor Default Gateway For Network Nipe – Make Tor Default Gateway For Network
Nipe is a Perl script to make Tor default gateway for network, this script enables you to directly route all your traffic from your computer to the Tor network.
Mosca - Manual Static Analysis Tool To Find Bugs Mosca – Manual Static Analysis Tool To Find Bugs
Mosca is a manual static analysis tool written in C designed to find bugs in the code before it is compiled, much like a grep unix command.
Slurp - Amazon AWS S3 Bucket Enumerator Slurp – Amazon AWS S3 Bucket Enumerator
Slurp is a blackbox/whitebox S3 bucket enumerator written in Go that can use a permutations list to scan externally or an AWS API to scan internally.
US Government Cyber Security Still Inadequate US Government Cyber Security Still Inadequate
Surprise, surprise, surprise - an internal audit of the US Government cyber security situation has uncovered widespread weaknesses, legacy systems and poor adoption of cyber controls and tooling.


3 Responses to Adobe Patches Latest Flash Zero Day Vulnerability

  1. droope April 18, 2011 at 5:48 pm #

    I think this is the vuln they used to hack RSA

  2. DeborahS April 19, 2011 at 7:33 am #

    That’s my understanding too. At least I know that the RSA breach started with a spear-phishing attack to 2 RSA employees, in which an Excel email attachment exploited a Flash hole, and very shortly after Adobe issued this patch. Seems reasonable to figure that the rushed patch was in response to the uproar about the RSA breach. Closing the barn door after the horse got out, anyone?

  3. Scott April 22, 2011 at 12:23 am #

    There is no need to run adobe anymore there is freeware alternatives now