Zero Day Attack Targets Adobe
No patches yet while exploits are actively targeting Adobe's Flash, Acrobat and Acrobat Reader
Adobe on Friday released a security advisory warning of a vulnerability in Adobe Flash Player, Adobe Reader, and Acrobat on Windows, Macintosh, Linux, and Solaris operating systems.
The "critical" -- Adobe's most severe rating -- vulnerability could, according to the company, "cause a crash and potentially allow an attacker to take control of the affected system." Furthermore, it reported that the vulnerability was "being actively exploited in the wild against both Adobe Flash Player, and Adobe Reader, and Acrobat."
More Software Insights
Webcasts
- Entering the Scrum: Taking the First Steps on Your Agile Journey
- Unlock the Value of Your Business Data: IBM's Integration Solution for .NET Environments
White Papers
More >>Reports
More >>The vulnerabilities exist in Adobe Flash Player 10.0.45.2 and before, and Adobe Acrobat and Acrobat Reader version 9.x, but not version 8.x.
Adobe has not yet issued a fix.
To mitigate the threat, Flash users can download the still-in-beta Flash Player 10.1 Release Candidate which, Adobe said, "does not appear to be vulnerable."
Meanwhile, for Acrobat and Acrobat Reader version 9.x, "deleting, renaming, or removing access to the authplay.dll" that ships with those files eliminates the threat, according to Adobe. On the downside, if you try to open a PDF file containing vector graphics animated with SWF (Shockwave), prepare to "experience a non-exploitable crash or error message."
Adobe's products, and in particular Flash and PDF files, have been favored targets of late for hackers, perhaps on account of their being both widely adopted and also cross-platform. In fact, according to Kaspersky Labs, just two families of Adobe-oriented attack code currently in the wild -- Exploit.Win32.Pdfka and Exploit.Win32.Pidief -- together accounted for nearly half of all exploits detected in the first quarter of 2010. The attacks utilize PDF documents containing JavaScript. If opened, they can automatically download and run malware on the user's computer.
The recent prevalence and severity of these and other attacks against Adobe's products has led the company to overhaul its patching processes, begin offering automatic security updates for Adobe Reader, and reportedly to weigh moving to a regular, monthly patch cycle, akin to Microsoft's.
InformationWeek has published an in-depth report on staying FISMA compliant and secure. Download the report here (registration required).
Related Reading
 |
To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy. |
Subscribe to RSSResource Links
Related Webcasts
- Entering the Scrum: Taking the First Steps on Your Agile Journey
- Unlock the Value of Your Business Data: IBM's Integration Solution for .NET Environments
- Collaborative DevOps: Bridging the gap between development and operations with automation
- SMB Server Guide: Meeting Email, Virtualization, and Business Application Challenges
- Best Practices for Improving Database Testing: Upgrades, migrations, business growth and more - ensuring you can handle the workload!
This Week's Issue
Free Print Subscription
SubscribeCurrent Healthcare Issue
- InformationWeek Healthcare CIO 25: Our second annual honor roll of the health IT leaders driving healthcare's transformation.
- EHR Unreadiness: Only a small percentage of physicians planning to apply for Meaningful Use funds have e-health record systems capable of achieving most of the requirements. .
- And much more!
- Read the Current Issue
Related Whitepapers
Featured Broadcast
Organizations must rigorously protect their data from all threats - including theft by outsiders and insiders, malicious attacks that can distort or destroy data, and inadvertent corruption or misuse by employees.Download this white paper and find out how to safeguard data and fulfill compliance mandates.
Learn More
