The Adobe developers have been quick to issue an update and to solve the problem

May 1, 2014 11:40 GMT

Kaspersky security experts have discovered that an Adobe Flash Player 0-day vulnerability was present on all the platforms currently running the software, namely Windows, Mac OS X, and Linux.

Vulnerabilities and other security issues have been treated a lot more seriously since the Heartbleed bug was discovered in OpenSSL, a vital component of the Internet infrastructure.

Adobe's Flash Player is also an integral part of the Internet and it's present on most of the major platforms out there, even if some are trying to shake this dependency. It raises eyebrows when people find a security issue in Flash, a problem that is not only potentially dangerous, but also ready to be exploited on any platform.

“We received a sample of the first exploit on April 14, while a sample of the second came on April 16. The first exploit was initially recorded by KSN on April 9, when it was detected by a generic heuristic signature. There were numerous subsequent detections on April 14 and 16. In other words, we succeeded in detecting a previously unknown threat using heuristics.”

“According to KSN data, these exploits were stored as movie.swf and include.swf at an infected site. The only difference between the two pieces of malware is their shellcodes. It should be noted that the second exploit (include.swf) wasn't detected using the same heuristic signature as the first, because it contained a unique shellcode. Each exploit comes as an unpacked flash video file. The Action Script code inside was neither obfuscated nor encrypted,” noted the Kaspersky security experts on securelist.com.

In such situations, the vulnerabilities are reported to the company, in this case Adobe. After working on a fix for a few days, Adobe released a patch for Flash on all platforms. The security issue was named CVE-2014-0515 and it seems that so far it has been used only against the Windows platform.

This doesn't mean that Linux and Mac OS X were not vulnerable, just that so far it seems that users of these systems have not been affected.

The Adobe Flash Player is no longer actively developed for Linux, and it only receives small security updates like this one. If you notice a small Flash update on your Linux system, you now know what it’s for.

Adobe also recognized the contribution of Alexander Polyakov of Kaspersky Labs in finding this 0-day bug and in solving this pressing security issue.