Criminals exploiting critical vulnerability in Flash
Criminals are using a critical vulnerability in Flash to distribute malicious code on a large scale; the vulnerability was fixed by Adobe last week on its patch day. The security experts at Websense report that criminals have infected numerous web sites with contaminated Flash files that are used to inject malware onto a system.
The Flash exploit uses trickery to gain information about the memory structure of the Flash Player and to replace the value in the stack pointer. The new address is hidden within the shellcode that loads an encrypted file onto the victim's computer and then executes it.
Users who have not yet installed the latest version of Flash, 10.3.181.26, are advised to do so as soon as possible. Flash for Android is also vulnerable if the installed version is older than 10.3.185.24. The Adobe Flash Player web page can be used to check which version is currently installed on a system.