Adobe published an advisory covering issues, including a fix for the Pwn2Own flaw that we previously discussed here. Adobe’s details are published here. One of the issues that was patched was discovered by myself and fellow researcher (and co-worker at Ernst & Young’s Advanced Security Center) Rob Carter, see the picture to the right of Rob and I rollin’ with large stacks of Euros (not really, it was actually like 10 Euros, aka $10,000.00 with the way the dollar is these days) in Amsterdam during Black Hat Europe. The flaw we discovered is a DNS Rebinding flaw that’s a bit unique. It takes advantage of some DNS canonicalization issues, and I really feel like it may be useful in other attack vectors as well. My good friend Rob has already posted the details on his “Farfromr00tin” blog, and the analysis is quite good, so I will paraphrase this here.
Adobe, DNS, Domain, Microsoft, Internet Explorer, Browser, Domain Name, Flaw, Rob, Flash, Security Update, Patch