Microsoft suspects Adobe Flash crash testing opened it up to attacks

FUZZING TECHNIQUES might have been used to find a recent zero-day vulnerability in Adobe Flash Player that opened it up to attacks.

In a detailed analysis, Microsoft said it suspects that fuzzing was used on clean Flash files to find the vulnerability. Fuzzing is a technique where hackers use destructive software testing, proactively trying to break software by systematically sending it broken inputs.

Fuzzing will successfully break software much of the time, but it will also find previously unknown flaws, comparable to crash testing found in the car industry. The Vole said it found a file on the Internet that might have been used for fuzzing Adobe's Flash Player.

It appears black hat hackers discovered the exploit and took advantage of it very quickly. White hat security researchers likely would have informed Adobe about the problems before attacks occurred.

Adobe warned earlier this week about the attacks, which can hide inside Microsoft Excel documents as a vehicle to deliver the exploit.

Microsoft said, "We advise you that, for the time being, you don't click any suspicious Excel files or hyperlinks."

"We've only seen this attack delivered through Excel files, but there is no reason why this attack cannot also be achieved through bare Flash files." µ