{"id":3137,"date":"2011-06-21T10:41:57","date_gmt":"2011-06-21T09:41:57","guid":{"rendered":"https:\/\/www.darknet.org.uk\/?p=3137"},"modified":"2015-09-09T19:37:11","modified_gmt":"2015-09-09T11:37:11","slug":"hackers-exploiting-latest-adobe-flash-bug-on-large-scale","status":"publish","type":"post","link":"https:\/\/www.darknet.org.uk\/2011\/06\/hackers-exploiting-latest-adobe-flash-bug-on-large-scale\/","title":{"rendered":"Hackers Exploiting Latest Adobe Flash Bug On Large Scale"},"content":{"rendered":"

It’s very out of character for Adobe<\/a> – but they’ve actually released two out of band<\/a> patches in the last week or so.<\/p>\n

They’ve had to patch 4 times in the past 2 months – that’s a total of 6 times in 2011 so far – with 5 out of those 6 being for critical bugs.<\/p>\n

It seems like Flash<\/a> has become a major target for hackers in the past 6 months or so, despite the fact that Adobe has worked with Google to sandbox Flash in the Chrome<\/a> browser.<\/p>\n

Hackers are aggressively exploiting a just-patched Flash vulnerability, serving attack code “on a fairly large scale” from compromised sites as well as from their own malicious domains, a security researcher said Friday. The attacks exploit the critical Flash Player bug that Adobe patched June 14 with its second “out-of-band,” or emergency update, in nine days.<\/p>\n

“CVE-2011-2110 is being exploited in the wild on a fairly large scale,” said Steven Adair, a researcher with the Shadowserver Foundation, a volunteer-run group that tracks vulnerabilities and botnets. “In particular this exploit is showing up as a drive-by in several legitimate websites, including those belonging to various NGOs [non-government organizations], aerospace companies, a Korean news site, an Indian government Web site, and a Taiwanese university.”<\/p>\n

CVE-2011-2110 is the identifier for the Flash vulnerability assigned by the Common Vulnerabilities and Exposures database. Attackers are also using the exploit in “spear phishing” attacks aimed at specific individuals, said Adair on the Shadowserver site. Adair called the attacks “nasty” because the exploit “happens seamlessly in the background,” giving victims no clue that their systems have been compromised. <\/p><\/blockquote>\n

The CVE ID for this vulnerability is – CVE-2011-2110<\/a> with the NVD listing<\/a> stating:<\/p>\n

Adobe Flash Player before 10.3.181.26 on Windows, Mac OS X, Linux, and Solaris, and 10.3.185.23 and earlier on Android, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in June 2011.<\/code><\/p>\n

Sounds pretty nasty, at least the patch is out for it – but as usual, how many people will apply it in a timely fashion?<\/p>\n