Security Insights

Oh Flash! CVE-2011-2110 0-Day

Oh Flash! CVE-2011-2110 0-Day
This past Tuesday, June 14, a vulnerability (CVE-2011-2110) in the Adobe Flash Player was patched. This vulnerability is actively being exploited in the wild - prior to the patch, the earliest exploitation that we have seen in our logs thus far, dates back to early last Thursday (June 9th).
Attackers have/are embedding redirects into compromised legitimate websites (including an Indian government site, a US airport site, and an aerospace site, among others). The redirects direct user's web-browsers to access the flash exploit - once the victim machine is exploited it downloads, decodes, and executes malcode.
Working with Steven from Shadowserver we were able to collectively share information to benefit the community and a public, detailed report was subsequently released on their website. Their report lists the sites/servers that we helped identify that have hosted the malicious content, as well as provides guidance for handling this threat. Among the recommended guidance:
  • Patch! Flash Player older than (or for Android) is vulnerable. You can check your version here.
  • Block the identified malicious servers/pages/binaries - this has already been done for customers using our cloud.
  • Block/monitor for additional sites using the same attack pattern - this has already been done for customers using our cloud. Shadowserver released a Snort signature in their report to assist with identifying this pattern as well.
A special thanks to Steven from Shadowserver.

Get the latest Zscaler blog updates in your inbox

Subscription confirmed. More of the latest from Zscaler, coming your way soon!

By submitting the form, you are agreeing to our privacy policy.