Patched Security Flaw of Flash SWF from Adobe Continues to Victimize Users: Zscaler
According to experts from Zscaler the security company, although Adobe patched a Shockwave Flash (SWF) security flaw long time back, end-users who missed making personal browser plug-ins up-to-date continue to be greatly targeted with cyber-criminals' assaults, which work on Flash Player's obsolete edition. Softpedia.com published this on November 11, 2011.
Adobe, back during April 2011, ensured that the flaw with which an attacker could run arbitrary code alternatively execute DOS (denial-of-service) condition via the use of a maliciously designed Flash content wouldn't be able to harm any consumer of its products if they upgraded to the most recent edition of the SWF.
Now, seemingly as many consumers continue to use the previous editions they 're being easily targeted with hackers' assaults that add malicious SWF files to html web-pages or Microsoft Office files.
Reportedly, the experts recently discovered a source that implanted one nb.swf shockwave flash onto a web-page that Adobe's Flash Player ran after the implanting.
Running an nb.swf results in memory corruption within Flash Player that lets a random shellcode to be run disguised like one input parameter.
Security researchers at Zscaler said that VirusTotal scanned nb.swf as a Trojan Downloader that was utilized for serving more malicious programs to the contaminated computers.
Attackers continue to widely target Flash and more kinds of browser plug-ins even through familiar security flaws, which have already been fixed with security patches. The reason being, they are aware about plug-ins usually staying un-patched over a length of time, the researchers note.
Earlier, during April-June 2011, Zscaler saw that approximately 7% of all Web-browsers, which had Flash Player loaded, ran an obsolete as well as potentially flawed edition of the application. Additional existent plug-ins, however, were even badly attacked, the researchers comment.
In conclusion, the software security company says that it's evident from the above incident that incorporating product updates is very important in addition to continuously updating anti-virus software. Often, hackers rely on operating system and browser vulnerabilities for compromising computers and stealing users' data from them, therefore, computer-users require making their devices safe by necessarily loading the patches whenever they're available from the company.
Related article: Patched Adobe Acrobat Reader Still Causing Threat
» SPAMfighter News - 22-11-2011