iT邦幫忙

16

Flash hit by zero-day attack; Symantec has clarified that it was not a "zero-day attack"


"Symantec: Sorry, Flash Player attack not a zero day"
http://www.zdnet.com.au/news/security/soa/Symantec-Sorry-Flash-Player-attack-not-a-zero-day/0,130061744,339289430,00.htm
Symantec: Sorry, Flash Player attack not a zero day
Liam Tung, ZDNet.com.au

29 May 2008 03:14 PM

Tags: adobe, flash, flaw, nishad herath, security, symantec, zero day, ibm

After suspecting a zero day exploit was being used to attack the latest version of Flash Player (9.0.124.0), Symantec says the call was a mistake — it was an exploit for versions 9.0.115.0 and prior.

Yesterday it was feared that hackers were using a malicious ShockWave Flash file which Symantec researchers thought was a zero day exploit for the latest version of Flash Player.

Symantec, however, shied away from confirming that it was a zero day exploit, as it appears to be designed for a flaw which Adobe patched in April, prior to it being publicly disclosed by an IBM security researcher.

"Originally this issue was believed to be unpatched and unknown, but further technical analysis has revealed that it is the previously reported Adobe Flash Player Multimedia File Remote Buffer Overflow Vulnerability (BID 28695), discovered by Mark Dowd of IBM," Symantec reported on its ThreatCon page today.

Adobe has also confirmed the exploit is not new. "This exploit does NOT appear to include a new, unpatched vulnerability as has been reported elsewhere — customers with Flash Player 9.0.124.0 should not be vulnerable to this exploit," it states on its Product Security Incident Response Team site.

The CEO of security consultancy Novologica, Nishad Herath, who yesterday acquired a sample of the exploit, told ZDNet.com.au today that the error appears to have been caused by a reference in the malicious SWF file to the new version of Flash Player.

"Actually [the code] does have references to the latest version of Flash, but it is not exploiting a new zero day — it is exploiting the old patched vulnerability," he said.

"It means Adobe patched the flaw properly, but Symantec has made a mistake... The exploit writer had made a reference to a SWF file with the name 9.0.124.0.swf, so it may just be that they were planning to add something to that exploit that may work on the new version in the future, should a zero day vulnerability be released… They might have been attempting to make this code base future-proof, but it's of no real relevance [to the exploit]," said Herath.

Adobe recommends updating Flash Player to the latest version since older versions are vulnerable to the exploit which Symantec discovered yesterday.


0
xzjiang
iT邦 Graduate Student, Level 2 ‧ 2008-06-13 11:30:58

"Symantec: Sorry, Flash Player attack not a zero day"
The correct article URL is as follows:
Symantec: Sorry, Flash Player attack not a zero day

Thanks for the correction!

0
jerry640
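iT邦 Novice, Level 1 ‧ 2008-06-13 16:13:24

Making the statement in the form of an apology also shifted the focus away from the original Adobe vulnerability, thanks to a minor war of words~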

0
jjw
iT邦 Graduate Student, Level 1 ‧ 2008-06-19 23:55:55

Thanks for sharing

0
davistai
iT邦 Master, Level 1 ‧ 2008-06-20 11:32:06

A good chance to learn how to write this kind of statement in English ^^

0

Grateful for the share!
