Yesterday we received several queries regarding a new memory corruption vulnerability affecting Adobe Flash Player and malware that exploits this vulnerability via malicious SWF files.
We have received samples and can confirm that the threat is valid. Detection was issued yesterday for Sophos customers in the form of Troj/SWFexp-A, Troj/SWFexp-B and Troj/SWFexp-C. We have also issued generic detection in the form of Sus/SWFScene-A.
We do not consider this vulnerability to be significantly dangerous, but we advise users to ensure that they are running the latest version of Adobe Flash Player (currently 220.127.116.11) and to remain vigilant when browsing the internet, particularly when viewing SWF content.
- Test which version of Adobe Flash you are running
- Download the latest version of Adobe Flash Player from Adobe's website
- Read more about the Adobe Flash vulnerability
Coincidentally, a second SWF issue was brought to our attention yesterday after SANS published an article on their blog page. This issue involves the hosting of malicious SWF files that attempt to download further malware.
We have been seeing SWF malware for some time and do not consider the issue to be a zero-day vulnerability. Some detections for threats of this type include Troj/SwfDL-A, Troj/SWFdldr-A and Troj/SWFdldr-B.