Just a quick note to say we are aware of today’s report of a potential exploit involving Flash Player in the wild. We are working with Symantec to investigate the potential SWF vulnerability, and will have an update once we get more information.
UPDATE: This exploit appears to be taking advantage of a known vulnerability, reported by Mark Dowd of the ISS X-Force and wushi of team509, that was resolved in Flash Player 188.8.131.52 (CVE-2007-0071). We strongly encourage everyone to download and install the latest Flash Player update, 184.108.40.206.
This exploit does NOT appear to include a new, unpatched vulnerability as has been reported elsewhere – customers with Flash Player 220.127.116.11 should not be vulnerable to this exploit. We’re still looking in to the exploit files, and will update everyone with further information as we get it, but for now, we strongly encourage everyone to download and install the latest Flash Player update, 18.104.22.168.