Symantec: Adobe Patch Not a Problem After All
Researchers at Symantec updated their analysis of an Adobe-issued patch for Flash Player.After further analysis, researchers at Symantec have determined a patch issued by Adobe to address a bug in Flash Player is effective across all platforms. Researchers there initially thought the patch did not work on the standalone Adobe Flash Player version 220.127.116.11 on Linux because it displayed behavior researchers thought was suspect. Adobe issued a patch for the vulnerability in April. While the latest version of Flash Player, 18.104.22.168, is immune, security researchers recommend users upgrade as the old version of the player is still vulnerable.
"The latest Linux player, when used to open the exploit file, would abruptly exit silently," explained Ben Greenbaum, senior research manager at Symantec Security Response. "Stack analysis revealed several internally handled segmentation faults, which is not normally desired behavior for a program. Often, it is a sign of an exploit that successfully leveraged the vulnerability but that used improper offsets or payload code."