A critical zero-day Flash exploit that arrives in a PDF file is being used in attacks aimed at Adobe Reader and Acrobat 9.x. The exploited vulnerability is found across all major platforms, and a patch is not expected to be available for a couple of weeks.
A critical zero-day Flash exploit that arrives in a PDF file is being used in attacks aimed at Adobe Reader and Acrobat 9.x. The exploited vulnerability is found across all major platforms, and a patch is not expected to be available for a couple of weeks.The exploited Flash vulnerability is found across all major platforms, Adobe stated when acknowledging the problem:
"A critical vulnerability exists in Adobe Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems; Adobe Flash Player 10.1.95.2 and earlier versions for Android; and the authplay.dll component that ships with Adobe Reader 9.4 and earlier 9.x versions for Windows, Macintosh and UNIX operating systems, and Adobe Acrobat 9.4 and earlier 9.x versions for Windows and Macintosh operating systems."
The exploit arrives by way of a trojan-bearing PDF file attached to an e-mail promising info about a government-released Personnel Management iPad/iPhone app -- making the mail particularly tempting for people seeking jobs.
But even if all of your employees are happy and secure in their positions, they need to be warned about this exploit:
Once executed, the malware can, according to Adobe, "cause a crash and potentially allow an attacker to take control of the affected system."
The company announced a fix schedule that calls for the Flash bug repair to be released November 9, with the Reader and Acrobat repairs to be released the week of November 15.
Good idea to pass that information along, to mark your calendars for the patch release dates... and to remind your people once more not to open unsolicited e-mail of any sort, and to be hyper-wary of any e-mail with a PDF attachment.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.