Adobe Flash Zero-Day Attack Underway

← Back to Stories (view on slashdot.org)

Adobe Flash Zero-Day Attack Underway

Posted by kdawson on Tuesday May 27, 2008 @07:26PM from the gone-in-a-flash dept.

Robellus writes "Security researchers have found evidence of a previously unknown Adobe Flash vulnerability being exploited in the wild. The zero-day flaw has been added to the Chinese version of the MPack exploit kit and there are signs that the exploits are being injected into third-party sites to redirect targets to malware-laden servers. From the article: 'Continued investigation reveals this issue is fairly widespread. Malicious code is being injected into other third-party domains (approximately 20,000 web pages) most likely through SQL-injection attacks. The code then redirects users to sites hosting malicious Flash files exploiting this issue.'"

10 of 246 comments (clear)

Min score:

Reason:

Sort:

SNAFU by Anonymous Coward · 2008-05-27 19:31 · Score: 4, Funny

Situation Normal, All Flashed Up
Oh... dear... God by religious+freak · 2008-05-27 19:52 · Score: 5, Funny

What kind of horrible, horrible update scheme will Adobe come up with to try to combat this?! The thoughts are too terrible to imagine...

--
If you can read this... 01110101 01110010 00100000 01100001 00100000 01100111 01100101 01100101 01101011
Re:Hmm Windows only... and SQL injection? by Hal_Porter · 2008-05-27 20:16 · Score: 4, Funny

It's Windows only because Microsoft wrote it to promote their Silverlight initiative. Siverlight doesn't work on Macs or Linux, so there's no point porting the exploit there.

--
echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
Proverb by Rastignac · 2008-05-27 20:39 · Score: 3, Funny

In France, a popular IT proverb says "Adobe, c'est de la daube". True one more time today...
(won't translate; lost in translation).

--
-- Rastignac was here.
Re:And people by NoobixCube · 2008-05-27 20:41 · Score: 4, Funny

An example of the knowledge of the masses: When I commented to my mother that I spent the day watching flash cartoons, she thought I meant animated porn.

--
Admit it. You post strawman arguments as AC so you get modded Insightful for refuting them, rather than Troll
Re:And people by Spad · 2008-05-27 20:54 · Score: 5, Funny

Lucky guess?
Re:Flash perpetual vulnerability by BollocksToThis · 2008-05-27 21:16 · Score: 3, Funny

I personally require none of that dada.

Slow down on the keyboard there, Oedipus.

--
This sig is part of your complete breakfast.
Re:And people by NoobixCube · 2008-05-27 22:10 · Score: 5, Funny

That's completely beside the point :P

--
Admit it. You post strawman arguments as AC so you get modded Insightful for refuting them, rather than Troll
Re:And people by Rojo^ · 2008-05-27 23:14 · Score: 3, Funny

Now that you mention it, Strongbad is topless far too often....

--
<:
Re:This is NOT a 'zero day flaw'..... by Daengbo · 2008-05-27 23:19 · Score: 3, Funny

If that's your definition, ('zero day' == ) then it still hasn't been used correctly, since the linked article is already a day old.
and
Given that the phrase 'zero day' is made of two single syllable words ...

OneSmartFellow isn't today.

--
Put identity in the browser.