It has been reported that there is a code injection vulnerability in the latest version of the Adobe Flash player (9.0.124.0) by researchers at the SANS Institute's Internet Storm Center and Symantec. The vulnerability could allow for remote code execution, and so far it seems like the in-the-wild results are redirects to one of three China-based domains serving up exploit code; naturally those domains are not given.
Adobe states:
we are aware of today’s report of a potential exploit involving Flash Player in the wild. We are working with Symantec to investigate the potential SWF vulnerability, and will have an update once we get more information.
on their security blog, and I would expect a quick response from the Flash team.
The information I have been able to find is sketchy and vague at best, so I wouldn't flip out just yet. I would also suggest not following Symantec's over-reactionary advice to corporate clients that they uninstall the Flash player until it gets fixed. In fact, unless the company has a vigorous regular and automated update system in place, I would wager that a good portion of them don't have a huge population of computers with the latest player on their network. Hell, I build Flash sites/thingamabobs every day and I don't have the latest version on all but one of my machines; which includes my work desktop.
This is isn't the first vulnerability, and I'm sure it won't be the last. The haxors are a ingenious bunch….Just last month they patched the Pwn to Own bug, which won a dude 5k for taking down a Vista box in the Pwn to Own challenge at CanSecWest.The patch included seven updates to the player, which could also allow for remote code execution – which seems to be the only thing that hackers look for; if you look at what the vulnerabilities notes are for most of Windows Security Updates anyway.
If I find out more during the day, I will post further details – or check Adobe for updates
**UPDATE: The issues seems to be resolved with a quick update release (9.0.124.0). Hopefully not too many folks followed the advice of Symantec to unistall the player – but then again if they did, I guess this is what you get…..