After suspecting a zero day exploit was being used to attack the latest version of Flash Player (9.0.124.0), Symantec says the call was a mistake — it was an exploit for versions 9.0.115.0 and prior.

Yesterday it was feared that hackers were using a malicious ShockWave Flash file which Symantec researchers thought was a zero day exploit for the latest version of Flash Player.

Symantec, however, shied away from confirming that it was a zero day exploit, as it appears to be designed for a flaw which Adobe patched in April, prior to it being publicly disclosed by an IBM security researcher.

"Originally this issue was believed to be unpatched and unknown, but further technical analysis has revealed that it is the previously reported Adobe Flash Player Multimedia File Remote Buffer Overflow Vulnerability (BID 28695), discovered by Mark Dowd of IBM," Symantec reported on its ThreatCon page today.

Adobe has also confirmed the exploit is not new. "This exploit does NOT appear to include a new, unpatched vulnerability as has been reported elsewhere — customers with Flash Player 9.0.124.0 should not be vulnerable to this exploit," it states on its Product Security Incident Response Team site.

The CEO of security consultancy Novologica, Nishad Herath, who yesterday acquired a sample of the exploit, told ZDNet.com.au today that the error appears to have been caused by a reference in the malicious SWF file to the new version of Flash Player.

"Actually [the code] does have references to the latest version of Flash, but it is not exploiting a new zero day — it is exploiting the old patched vulnerability," he said.

"It means Adobe patched the flaw properly, but Symantec has made a mistake... The exploit writer had made a reference to a SWF file with the name 9.0.124.0.swf, so it may just be that they were planning to add something to that exploit that may work on the new version in the future, should a zero day vulnerability be released... They might have been attempting to make this code base future-proof, but it's of no real relevance [to the exploit]," said Herath.

Adobe recommends updating Flash Player to the latest version since older versions are vulnerable to the exploit which Symantec discovered yesterday.

Related links

Leave a comment

You must read and type the 6 chars within 0..9 and A..F

* indicates mandatory fields.

Log in


Sign up | Forgot your password?

Blogs

RSS feed

  • Staff Aussies to pay more for Win 7

    If you are looking to make some money in these troubled times, perhaps importing copies of Windows 7 could be for you. Read more »

    -- posted by Staff

  • Staff Firefox: Greens want it, 3.5rc2 not up to par

    This week's roundup looks at the situation surrounding a campaign to change Outlook HTML renderer, a Greens MP wants to install Firefox but is restricted and all the photos from the iPhone 3GS launch. Read more »

    -- posted by Staff

  • Chris Duckett Microsoft misses the Outlook point

    Ask designers which mail program is the bane of their existence, and you'll find that Outlook tops the list. The reason why the most popular email reader is also the most painful is simple: it uses Word to render HTML emails. Read more »

    -- posted by Chris Duckett

What's on?