**Next-GenFlashVulnerabilities!!
Sign in
  • BLOG
  • Editor's Picks
  • |
  • Technology
  • |
  • Entrepreneurship
  • |
  • Business
  • |
  • Finance
  • |
  • Career
  • |
  • New India
  • |
  • Entertainment
  • |
  • Others

    • **Next-GenFlashVulnerabiliti es!!

    Rakesh Ranjan

    SrTechnologyEvangelistITSECURITY
    An issue in Adobe Flash is more serious. Most vulnerabilities are confined to one technology; for example, a vulnerability may affect a particular browser or a particular operating system, but it is rare for a vulnerability to span multiple platforms and products. This is not the case with Flash. Flash exists in all popular browsers and is also available in PDF documents. It is also largely operating system independent; therefore, the threat posed by this issue is not to be taken lightly. Flash has become an integral part of the modern browsing experience—becoming so ubiquitous that most users don’t even notice it.

    Thomas Ptacek of Matasano Security summed up just how serious Flash vulnerabilities are: “Why do you care about Flash exploits? Because in the field, any one of them wins a commanding majority of browser installs for an attacker.” (The full blog post is here: This New Vulnerability: Dowd’s Inhuman Flash Exploit.) The large user base of Flash presents attackers with a huge target audience and will certainly be too much for them to resist.

    Ptacek made the comment above when describing an article that Mark Dowd, research engineer with IBM ISS, published in April 2008 (Application-Specific Attacks: Leveraging the ActionScript Virtual Machine). This article detailed how he created a reliable exploit that took advantage of a very subtle memory corruption issue in Adobe Flash Player version 9.0.115.0. He gives a detailed account of how he overcame the many obstacles put in place by the Flash developers. This was quite an achievement. Whether it was intentional or not, this paper gave the reader a certain sense of security since it proved just how difficult it was to reliably exploit this issue and once the patch was available we could all put that nasty incident behind us. As expected, there were many people who were very happy to pick up Dowd’s research and use it for their own purposes. Since the release of Dowd’s paper we have seen widespread attempts to exploit Flash in the wild, but invariably they would all eventually use the exploit Dowd discovered. That is, until now.

    The authors of the exploit have managed to take a bug and turn it into a reliable exploit using a heap spray technique. Typically an attacker would entice a user to visit a malicious website or send a malicious PDF via email. Once the unsuspecting user visits the website or opens the PDF this exploit will allow further malware to be dropped onto the victim’s machine. The malicious PDF files are detected as Trojan.Pidief.G and the dropped files as Trojan Horse.

    We are in contact with the Adobe PSIRT team in relation to this issue. We urge our customers to ensure their antivirus definitions are up to date. Like the vulnerability Dowd discovered, it’s likely that we will see many attacks over the coming months that will attempt to exploit this vulnerability. As always, keep an eye out for the official patch from Adobe and ensure all products are up to date. As an extra safety measure, Vista users should avail of the UAC (User Account Control) feature as this will help mitigate a successful compromise.
    start_blog_img