Flash Player Exploit discovered - initial confusion begins to clear

   
6:01 pm on May 28, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



"Adobe Flash contains a vulnerability that may allow an attacker to run code on a vulnerable system. There are reports that this vulnerability is being actively exploited."

[kb.cert.org...]

CERT on how to secure your browser:
[us-cert.gov...]

7:20 pm on May 28, 2008 (gmt 0)

WebmasterWorld Administrator coopster is a WebmasterWorld Top Contributor of All Time 10+ Year Member



SecurityFocus has some reference links that are worth reading, particularly

[securityfocus.com...]

The current malware attack has been traced back to Chinese blackhats, who are using a zero day to infect users with password stealers, moreover, one of the domains serving the Adobe zero day has been sharing the same IP with four of the malware domains in the recent waves of massive SQL injection attacks, indicating this incident and the previous ones are connected.

10:29 pm on May 28, 2008 (gmt 0)

WebmasterWorld Senior Member swa66 is a WebmasterWorld Top Contributor of All Time 10+ Year Member



There's no zero day. Somebody at Symantec jumped the gun.

Still it's a problem for those with not up to date flash players, as the exploits are being used out there.

Take a look at the SANS Internet Storm Center for an overview of the current standing:
[isc.sans.org...]

10:39 pm on May 28, 2008 (gmt 0)

WebmasterWorld Administrator coopster is a WebmasterWorld Top Contributor of All Time 10+ Year Member



>> There's no zero day.

According to Adobe [blogs.adobe.com], you are correct:

"This exploit does NOT appear to include a new, unpatched vulnerability as has been reported elsewhere; customers with Flash Player 9.0.124.0 should not be vulnerable to this exploit."

10:44 pm on May 28, 2008 (gmt 0)

WebmasterWorld Senior Member tedster is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Thanks for that update, swa66.

from SANS [isc.sans.org]:

"On closer examination, this does not appear to be a "0-day exploit". Symantec has updated their threatcon info, as well. We have yet to see one of these that succeeds against the current version (9.0.124.0)"

From Symantec [symantec.com]:

"Adobe has released an official statement noting that Flash Player versions 9.0.124.0 aren't affected by these attacks...Users are advised to ensure that Flash is updated to version 9.0.124.0"

From Adobe [blogs.adobe.com]:

"This exploit does NOT appear to include a new, unpatched vulnerability as has been reported elsewhere; customers with Flash Player 9.0.124.0 should not be vulnerable to this exploit."

11:11 pm on May 28, 2008 (gmt 0)

WebmasterWorld Senior Member pageoneresults is a WebmasterWorld Top Contributor of All Time 10+ Year Member



I visited the us-cert.gov link to read their instructions for securing my browser. Just for kicks, I followed their instructions to the "t". I feel sorry for anyone browsing in that mode at all times. Just the few sites I visited were totally unusable with the Government's recommended settings. I'm still undoing them one by one as they crop up but for the most part, if you were to surf under their guidelines, there really is no need to surf. The waves are gone...

And, anything in Flash, totally invisible.

1:01 am on May 29, 2008 (gmt 0)

WebmasterWorld Senior Member vincevincevince is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Somewhat worrying. According to US_CERT it seems to affect all OS. I guess that's the weakness of a cross-platform system!

12:20 pm on May 29, 2008 (gmt 0)

WebmasterWorld Administrator coopster is a WebmasterWorld Top Contributor of All Time 10+ Year Member



>> I feel sorry for anyone browsing in that mode at all times.

Don't feel sorry for me!
I have been surfing this way for a long, long time now. Except for using NoScript, I started using that add-on in January of this year.

Cookies usually get the ESC key (Deny), except for those sites I want to allow. As far as JS and Flash, well we do a lot of Flash development too, so it actually helps to have these extensions loaded and operational for internal quality assurance before the code gets implemented. Viewing the page as a person that has JS and/or Flash disabled has proven priceless in some instances.

But back to the general web browsing experience ... I can surf much faster to locate the information I want to see without having to filter the non-applicable trash, ads, etc. Riding the waves, dude :)

12:37 pm on May 29, 2008 (gmt 0)

5+ Year Member



>> Somewhat worrying. According to US_CERT it seems to affect all OS. I guess that's the weakness of a cross-platform system!

Only the flash exploit affects all OS's, the payload is Windows only at the moment. Personally I can't wait for a full cross platform exploit.

According to the article it is dropping this malware:

MemScan:Win32.Worm.Otwycal.T; a variant of Win32/AutoRun.NAD

Trojan.PWS.OnLineGames.WOM; Win32/TrojanDropper.Agent.NKK

I assume all of those password stealers need Admin privileges so Vista users are safe as long as they disallow the UAC prompt, XP users are toast. Linux and Mac users would have to enter their root password.

My distro has had version 9.0.124 for a while now, so unfortunately I am unable to participate in this cross platform experiment at the moment ;)

2:41 pm on Jun 2, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



>> Vista users are safe as long as they disallow the UAC prompt, XP users are toast...

Surely XP users running without Admin privileges are just as safe as Vista users?

FYI: Most corporate boxes running XP I've come across are set up to run without admin privileges...

 
