The Latest in IT Security

Oh Flash! CVE-2011-2110 0-Day


This past Tuesday, June 14, a vulnerability (CVE-2011-2110) in Adobe Flash Player was patched. The vulnerability is being actively exploited in the wild: the earliest exploitation we have seen in our logs so far dates back to early last Thursday (June 9th), prior to the patch.

Attackers have been embedding redirects into compromised legitimate websites (including an Indian government site, a US airport site, and an aerospace site, among others). The redirects send users' web browsers to the Flash exploit; once the victim machine is exploited, it downloads, decodes, and executes malcode.

Working with Steven from Shadowserver, we were able to share information to benefit the community, and a detailed public report was subsequently released on their website. Their report lists the sites and servers we helped identify as having hosted the malicious content, and provides guidance for handling this threat. Among the recommended guidance:

  • Patch! Flash Player older than (or for Android) is vulnerable. You can check your version here.
  • Block the identified malicious servers/pages/binaries – this has already been done for customers using our cloud.
  • Block/monitor for additional sites using the same attack pattern – this has already been done for customers using our cloud. Shadowserver released a Snort signature in their report to assist with identifying this pattern as well.

A special thanks to Steven from Shadowserver.
