After further analysis, researchers at Symantec have determined a patch issued by Adobe to address a bug in Flash Player is effective across all platforms.
Researchers there initially thought the patch did not work on the standalone Adobe Flash Player version 126.96.36.199 on Linux because it displayed behavior researchers thought was suspect. Adobe issued a patch for the vulnerability in April. While the latest version of Flash Player, 188.8.131.52, is immune, security researchers recommend users upgrade as the old version of the player is still vulnerable.
“The latest Linux player, when used to open the exploit file, would abruptly exit silently,” explained Ben Greenbaum, senior research manager at Symantec Security Response. “Stack analysis revealed several internally handled segmentation faults, which is not normally desired behavior for a program. Often, it is a sign of an exploit that successfully leveraged the vulnerability but that used improper offsets or payload code.”
Opening various non-hostile SWF files did not produce similar results, he continued, and further research was unable to produce a successful full exploitation. Adobe, meanwhile, confirmed that what Symantec had observed was in fact expected and by design, he added.
The bug, which has been used by hackers to launch malware attacks via compromised Web sites, is CVE-2007-0071. Discovered last year, the flaw can be exploited with a specially crafted SWF file.
On Wednesday, estimates of the number of Web sites hosting the malicious SWF files ranged from 20,000 to more than ten times that amount; researchers at McAfee reported that while Googling for compromised sites that link to scripts that link to the Flash exploits, they uncovered nearly 250,000 page results.