Flash zero-day attack reported; Symantec has clarified that it was not a "zero-day attack"

"Symantec: Sorry, Flash Player attack not a zero day"
http://www.zdnet.com.au/news/security/soa/Symantec-Sorry-Flash-Player-attack-not-a-zero-day/0,130061744,339289430,00.htm
Liam Tung, ZDNet.com.au

29 May 2008 03:14 PM

Tags: adobe, flash, flaw, nishad herath, security, symantec, zero day, ibm

After suspecting a zero day exploit was being used to attack the latest version of Flash Player (9.0.124.0), Symantec says the call was a mistake — it was an exploit for versions 9.0.115.0 and prior.

Yesterday it was feared that hackers were using a malicious ShockWave Flash file which Symantec researchers thought was a zero day exploit for the latest version of Flash Player.

Symantec, however, shied away from confirming that it was a zero day exploit, as it appears to be designed for a flaw which Adobe patched in April, prior to it being publicly disclosed by an IBM security researcher.

"Originally this issue was believed to be unpatched and unknown, but further technical analysis has revealed that it is the previously reported Adobe Flash Player Multimedia File Remote Buffer Overflow Vulnerability (BID 28695), discovered by Mark Dowd of IBM," Symantec reported on its ThreatCon page today.

Adobe has also confirmed the exploit is not new. "This exploit does NOT appear to include a new, unpatched vulnerability as has been reported elsewhere — customers with Flash Player 9.0.124.0 should not be vulnerable to this exploit," it states on its Product Security Incident Response Team site.

The CEO of security consultancy Novologica, Nishad Herath, who yesterday acquired a sample of the exploit, told ZDNet.com.au today that the error appears to have been caused by a reference in the malicious SWF file to the new version of Flash Player.

"Actually [the code] does have references to the latest version of Flash, but it is not exploiting a new zero day — it is exploiting the old patched vulnerability," he said.

"It means Adobe patched the flaw properly, but Symantec has made a mistake... The exploit writer had made a reference to a SWF file with the name 9.0.124.0.swf, so it may just be that they were planning to add something to that exploit that may work on the new version in the future, should a zero day vulnerability be released… They might have been attempting to make this code base future-proof, but it's of no real relevance [to the exploit]," said Herath.

Adobe recommends updating Flash Player to the latest version since older versions are vulnerable to the exploit which Symantec discovered yesterday.

