However, the Linux version of Adobe’s stand-alone Flash Player, version 9.0.124, is vulnerable to the attack. Now Symantec believes that the bug was previously known and patched by Adobe on April 8, said Ben Greenbaum, a senior research manager with Symantec Security Response. The flaw allowed attackers to install unauthorized software on a victim’s machine and was being used to install botnet programs and password-logging software, Symantec said. Symantec’s initial warning described a disturbing threat-a previously unknown and unpatched flaw that was being exploited on tens of thousands of Web pages. After warning on Tuesday that hackers were exploiting an unpatched bug in Adobe Systems’ Flash Player software, Symantec has backtracked from this claim, saying the flaw is “very similar” to another vulnerability that was patched last month.
