Latest Flash Vulnerability Being Actively Exploited

According to a SecurityFocus warning, infrastructure software giant Symantec has discovered a remote code-execution vulnerability in Adobe Flash Player which is being actively exploited across the Web. Although specific details of the actual vulnerability have yet to be unveiled, it looks as though a hacker can exploit the flaw to execute arbitrary code and essentially have their way with a victim's computer. Symantec has found that malicious code is being injected into third-party domains, affecting about 20,000 Web pages. When a user visits one of these pages, which were likely infected through SQL-injection attacks, the malicious code then redirects them to other sites hosting SWF files specially crafted to exploit the vulnerability in question. Even failed exploit attempts can result in DoS conditions.

The warning confirms that Flash Player 9.0.115.0 and 9.0.124.0 (the version currently being distributed by Adobe) are vulnerable to attack. However, it states that other versions may be at risk as well. "Just a quick note to say we are aware of today's report of a potential exploit involving Flash Player in the wild," Adobe's Product Security Incident Response Team stated this morning on its blog. "We are working with Symantec to investigate the potential SWF vulnerability, and will have an update once we get more information."

You may want to utilize an extension such as NoScript or Finjan SecureBrowsing to disable Flash within your browser until a suitable patch is released.