A critical zero-day Flash exploit that arrives in a PDF file is being used in attacks aimed at Adobe Reader and Acrobat 9.x. The exploited vulnerability is found across all major platforms, and a patch is not expected to be available for a couple of weeks.
A critical zero-day Flash exploit that arrives in a PDF file is being used in attacks aimed at Adobe Reader and Acrobat 9.x. The exploited vulnerability is found across all major platforms, and a patch is not expected to be available for a couple of weeks.The exploited Flash vulnerability is found across all major platforms, Adobe stated when acknowledging the problem:
"A critical vulnerability exists in Adobe Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems; Adobe Flash Player 10.1.95.2 and earlier versions for Android; and the authplay.dll component that ships with Adobe Reader 9.4 and earlier 9.x versions for Windows, Macintosh and UNIX operating systems, and Adobe Acrobat 9.4 and earlier 9.x versions for Windows and Macintosh operating systems."
The exploit arrives by way of a trojan-bearing PDF file attached to an e-mail promising info about a government-released Personnel Management iPad/iPhone app -- making the mail particularly tempting for people seeking jobs.
But even if all of your employees are happy and secure in their positions, they need to be warned about this exploit:
Once executed, the malware can, according to Adobe, "cause a crash and potentially allow an attacker to take control of the affected system."
The company announced a fix schedule that calls for the Flash bug repair to be released November 9, with the Reader and Acrobat repairs to be released the week of November 15.
Good idea to pass that information along, to mark your calendars for the patch release dates... and to remind your people once more not to open unsolicited e-mail of any sort, and to be hyper-wary of any e-mail with a PDF attachment.
Building A Mobile Business MindsetAmong 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps – and it's past time for those with no plans to get cracking.
InformationWeek Must Reads Oct. 21, 2014InformationWeek's new Must Reads is a compendium of our best recent coverage of digital strategy. Learn why you should learn to embrace DevOps, how to avoid roadblocks for digital projects, what the five steps to API management are, and more.