Insights and Research

Oh Flash! CVE-2011-2110 0-Day

Oh Flash! CVE-2011-2110 0-Day
This past Tuesday, June 14, a vulnerability (CVE-2011-2110) in the Adobe Flash Player was patched. This vulnerability is actively being exploited in the wild - prior to the patch, the earliest exploitation that we have seen in our logs thus far, dates back to early last Thursday (June 9th).
Attackers have/are embedding redirects into compromised legitimate websites (including an Indian government site, a US airport site, and an aerospace site, among others). The redirects direct user's web-browsers to access the flash exploit - once the victim machine is exploited it downloads, decodes, and executes malcode.
Working with Steven from Shadowserver we were able to collectively share information to benefit the community and a public, detailed report was subsequently released on their website. Their report lists the sites/servers that we helped identify that have hosted the malicious content, as well as provides guidance for handling this threat. Among the recommended guidance:
  • Patch! Flash Player older than (or for Android) is vulnerable. You can check your version here.
  • Block the identified malicious servers/pages/binaries - this has already been done for customers using our cloud.
  • Block/monitor for additional sites using the same attack pattern - this has already been done for customers using our cloud. Shadowserver released a Snort signature in their report to assist with identifying this pattern as well.
A special thanks to Steven from Shadowserver.

Stay up to date with the latest digital transformation tips and news.

By submitting the form, you are agreeing to our privacy policy.