20,000 Web pages help exploit 'patched' Flash flaw


FS Owner
A possible zero day exploit has been discovered for a flaw in Flash thought to have been patched by Adobe a month ago.

Symantec researchers claim the exploit has several different payloads, including one to steal passwords from systems with the vulnerable software. Affected versions of Adobe Flash Player include (latest version) and

Around 20,000 legitimate Web pages have been manipulated, likely via SQL-injection vulnerabilities, to redirect browsers to domains in China which host the exploit, according to Vincent Weafer, senior director of development for Symantec's Security Response team.

</img> View Full Article: ZDNet Australia