It was released to fix Adobe Shockwave files that are vulnerable when built with Adobe's Flex Software Development Kit (SDK) compiler. Meanwhile, Carettoni and Gentile found that files need to be recompiled after the patch has been applied. Both of them notified Adobe as well as the affected websites, which were not named.
The duo stated in an advisory that vulnerable Flex applications can still be abused even with the latest Flash Player. Attackers can exploit this vulnerability against the latest Flash plugin and web browsers whenever the SWF file was compiled with a vulnerable Flex SDK. After recognizing the potential risk, the pair conducted a large-scale analysis, locating SWFs hosted on major websites and analyzing them with a custom tool that detects vulnerable code patterns.
The duo published a tool, ParrotNG, that system administrators can use to find vulnerable files on affected websites. The process will reveal detailed exploitation steps. According to them, admins should recompile their SWF files using the latest Flex SDK and patch.