In association with heise online

21 June 2011, 16:18

Criminals exploiting critical vulnerability in Flash

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Criminals are using a critical vulnerability in Flash to distribute malicious code on a large scale; the vulnerability was fixed by Adobe last week on its patch day. The security experts at Websense report that criminals have infected numerous web sites with contaminated Flash files that are used to inject malware onto a system.

The Flash exploit uses trickery to gain information about the memory structure of the Flash player and to replace the value in the stack pointer. The new address is hidden within the shell code that loads an encrypted file onto the victim's computer and then executes it.

Users who have not yet installed the latest version of Flash, are advised to do so as soon as possible. Flash for Android is also vulnerable if the installed version is older than The Adobe Flash Player web page can be used to check which version is currently installed on a system.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit