From Nibble Sec we get one of those stories that makes roll our eyes. Actually, it makes us shake our heads but Your JoeDog refuses to type ‘SMH.’ Wait a second – you just typed it! Shaddup.
A four-year-old Adobe bug (CVE-2011-2461) is back from the dead. The flaw puts flash users at risk of having their sessions hijacked. But this bug was patched by Adobe back in November 2011 — why are we talking about it now?
Static libraries! If an app was compiled using the vulnerable SDK, then it still contains the vulnerable code unless it’s recompiled with a patched SDK.
Here’s how it works: Static libraries contain subroutines which are compiled into the executable. In this case, bad binary code was copied into the app. To fix the bug, you need to recompile the app so good code gets copied into it.
Really? Yes. Really.
“I have nothing to do today.” –Nobody in IT, ever.