Jump to content

Change Mode

Attackers Exploit Latest Flash Bug On Large Scale, Says Researcher


Recommended Posts

http://www.computerworld.com/s/article/9217758/Attackers_exploit_latest_Flash_bug_on_large_scale_says_researcher

 

Computerworld - Hackers are aggressively exploiting a just-patched Flash vulnerability, serving attack code "on a fairly large scale" from compromised sites as well as from their own malicious domains, a security researcher said Friday.

 

The attacks exploit the critical Flash Player bug that Adobe patched June 14 with its second "out-of-band," or emergency update, in nine days.

 

Arkin also argued that attackers get more bang for their buck by rooting out Flash vulnerabilities than they do looking for bugs in individual browsers because virtually every personal computer has the Flash plug-in installed. "Flash is the code [used in the browser] that has the highest market penetration," he said.

 

According to Adair, the exploit of CVE-2011-2110 has been in use since June 9, five days before Adobe issued its latest security update. Arkin corroborated that timeline.

 

Although Adobe's working on boosting Flash's security -- it's collaborated with Google, for example, to sandbox Flash in Chrome -- for now, its best defense is to quickly react to exploits with a patch.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...