Slashdot Mirror

← Back to Stories (view on slashdot.org)

Adobe Flash Zero-Day Attack Underway

Posted by kdawson on from the gone-in-a-flash dept.

Robellus writes "Security researchers have found evidence of a previously unknown Adobe Flash vulnerability being exploited in the wild. The zero-day flaw has been added to the Chinese version of the MPack exploit kit and there are signs that the exploits are being injected into third-party sites to redirect targets to malware-laden servers. From the article: 'Continued investigation reveals this issue is fairly widespread. Malicious code is being injected into other third-party domains (approximately 20,000 web pages) most likely through SQL-injection attacks. The code then redirects users to sites hosting malicious Flash files exploiting this issue.'"

16 of 246 comments (clear)

  1. SNAFU by Anonymous Coward · · Score: 4, Funny

    Situation Normal, All Flashed Up

    1. Re:SNAFU by Anonymous Coward · · Score: 1, Funny

      Their TrueType patenting and PDF hogging weren't too cool either, but wanted to note that Flash is too often abused to flash your computer, in the trench coat variation. Once exposed, it's in the memory. Am sure other Adobe products could be similaryly listed as well. Executives get sucked into telling tech to add Flash to their web pages, because like far too many gamers they like the "oohh, PRETTY" over real substance and worth.

  2. Oh... dear... God by religious+freak · · Score: 5, Funny

    What kind of horrible, horrible update scheme will Adobe come up with to try to combat this?! The thoughts are too terrible to imagine...

    --
    If you can read this... 01110101 01110010 00100000 01100001 00100000 01100111 01100101 01100101 01101011
  3. Re:Hmm Windows only... and SQL injection? by Hal_Porter · · Score: 4, Funny

    It's Windows only because Microsoft wrote it to promote their Silverlight initiative. Siverlight doesn't work on Macs or Linux, so there's no point porting the exploit there.

    --
    echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
  4. Re:Malware-laden by Opportunist · · Score: 2, Funny

    Won't anyone here PLEASE think of the servers?

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  5. Proverb by Rastignac · · Score: 3, Funny

    In France, a popular IT proverb says "Adobe, c'est de la daube". True one more time today...
    (won't translate; lost in translation).

    --
    -- Rastignac was here.
    1. Re:Proverb by Gandalf · · Score: 2, Funny

      And here in Holland the proverb goes "Rather than Adobe, a doobie". (True every day...)

  6. Re:And people by NoobixCube · · Score: 4, Funny

    An example of the knowledge of the masses: When I commented to my mother that I spent the day watching flash cartoons, she thought I meant animated porn.

    --
    Admit it. You post strawman arguments as AC so you get modded Insightful for refuting them, rather than Troll
  7. Re:And people by Spad · · Score: 5, Funny

    Lucky guess?

  8. Re:And people by Opportunist · · Score: 2, Funny

    Umm... there are other cartoons on the net?

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  9. Re:Flash perpetual vulnerability by BollocksToThis · · Score: 3, Funny

    I personally require none of that dada.

    Slow down on the keyboard there, Oedipus.

    --
    This sig is part of your complete breakfast.
  10. Re:And people by NoobixCube · · Score: 5, Funny

    That's completely beside the point :P

    --
    Admit it. You post strawman arguments as AC so you get modded Insightful for refuting them, rather than Troll
  11. Kids these days... by Digestromath · · Score: 2, Funny

    Back in my day the only way to animate porn was flip the pages real fast. When technology does all the hard work for you, you lose any sense of personal accomplishment.

  12. Re:And people by Rojo^ · · Score: 3, Funny

    Now that you mention it, Strongbad is topless far too often....

    --
    <:
  13. Re:This is NOT a 'zero day flaw'..... by Daengbo · · Score: 3, Funny

    If that's your definition, ('zero day' == ) then it still hasn't been used correctly, since the linked article is already a day old.
    and
    Given that the phrase 'zero day' is made of two single syllable words ...

    OneSmartFellow isn't today.

    --
    Put identity in the browser.
  14. Re:And people by Anonymous Coward · · Score: 2, Funny

    $git init
    $git commit -a -m "That was easy."