After initially believing that the patch for a version of Adobe's Flash player on Linux was ineffective, Symantec finds the fix is effective on all platforms.After further analysis, researchers at Symantec have determined a patch issued by Adobe to address a bug in Flash Player is effective across all platforms.
Researchers there initially thought the patch did not work on the standalone Adobe Flash Player version 9.0.124.0 on Linux because it displayed behavior researchers thought was suspect. Adobe issued a patch for the vulnerability in April. While the latest version of Flash Player, 9.0.124.0, is immune, security researchers recommend users upgrade as the old version of the player is still vulnerable.
“The latest Linux player, when used to open the exploit file, would abruptly exit silently,” explained Ben Greenbaum, senior research manager at Symantec Security Response. “Stack analysis revealed several internally handled segmentation faults, which is not normally desired behavior for a program. Often, it is a sign of an exploit that successfully leveraged the vulnerability but that used improper offsets or payload code.”
Opening various non-hostile SWF files did not produce similar results, he continued, and further research was unable to produce a successful full exploitation. Adobe, meanwhile, confirmed that what Symantec had observed was in fact expected and by design, he added.
Read the rest of this article on eWEEK.com.
