Confusion mounts over which Flash versions are under attack
Chinese hackers exploit stand-alone versions, but not current plug-in, says Symantec
Computerworld - Contrary to initial reports, the Flash Player exploit being fed to users who visit legitimate Web sites is not a true zero-day exploit, a researcher said today.
But that's hardly the point, said Don Jackson, the director of threat intelligence at SecureWorks Inc. "I'd still call this catastrophic," said Jackson, "because when you look at the distribution of Flash versions, users hardly ever have the latest one."
In fact, Jackson was on target in more ways than he knew. Ben Greenbaum, a senior research manager at Symantec Corp., said later that although the vulnerability is not new -- and thus not really a "zero-day" bug -- some up-to-date versions of Flash Player are vulnerable to attack.
Greenbaum called it a "false-positive zero-day" and added that the exploit in circulation "does still work against some of the most current and patched versions of Flash Player, and so still has some characteristics of a zero-day."
For his part, Jackson said that the currently available version of Flash Player, dubbed 220.127.116.11, is immune, while computers running Flash Player 18.104.22.168 -- the edition superseded by an April update that Adobe Systems Inc. released to patch other vulnerabilities -- is susceptible to attack. "It looks like [22.214.171.124] has been patched," he said.
Greenbaum, however, went a step further. "The vulnerability is similar enough [to one already disclosed] that we're treating it as the same," he said. "But not all the versions are patched correctly."
The more widely-used browser plug-in of Flash Player 126.96.36.199 is not at risk, said Greenbaum, but the stand-alone Flash Player 188.8.131.52 is. Adobe offers both browser plug-in and stand-alone versions of its Flash Player.
Although it's not unheard of for patches to not properly protect all versions of a particular program, Greenbaum said, it is unusual, and even more so when comparing the stand-alone and plug-in editions of an application.
Adobe was not immediately available to confirm Greenbaum's claims, but the Symantec researcher said that his team had been working with the Flash developer since yesterday on the problem. "This is the latest and greatest news," Greenbaum said.
The Flash Player is-or-isn't-at-risk story began Tuesday, when researchers at the SANS Institute's Internet Storm Center and Symantec raised an alarm about the exploit and said it was triggering an unknown, and unpatched, vulnerability in the popular plug-in and application.
Later yesterday, however, Symantec seemed to back off its initial analysis. "Originally, it was believed that this issue was unpatched and unknown, but further technical analysis has revealed that it is very similar to the previously reported Adobe Flash Player Multimedia File Remote Buffer Overflow Vulnerability (BID 28695), discovered by Mark Dowd of IBM," Symantec said in a explanation of why it had bumped its ThreatCon ranking to Level 2.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts