Flash Exploit On The Move Via PDF File - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Mobile // Mobile Applications
Commentary
10/29/2010
01:20 PM
Keith Ferrell
Keith Ferrell
Commentary
50%
50%

Flash Exploit On The Move Via PDF File

A critical zero-day Flash exploit that arrives in a PDF file is being used in attacks aimed at Adobe Reader and Acrobat 9.x. The exploited vulnerability is found across all major platforms, and a patch is not expected to be available for a couple of weeks.

A critical zero-day Flash exploit that arrives in a PDF file is being used in attacks aimed at Adobe Reader and Acrobat 9.x. The exploited vulnerability is found across all major platforms, and a patch is not expected to be available for a couple of weeks.The exploited Flash vulnerability is found across all major platforms, Adobe stated when acknowledging the problem: "A critical vulnerability exists in Adobe Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems; Adobe Flash Player 10.1.95.2 and earlier versions for Android; and the authplay.dll component that ships with Adobe Reader 9.4 and earlier 9.x versions for Windows, Macintosh and UNIX operating systems, and Adobe Acrobat 9.4 and earlier 9.x versions for Windows and Macintosh operating systems."

The exploit arrives by way of a trojan-bearing PDF file attached to an e-mail promising info about a government-released Personnel Management iPad/iPhone app -- making the mail particularly tempting for people seeking jobs.

But even if all of your employees are happy and secure in their positions, they need to be warned about this exploit:

Once executed, the malware can, according to Adobe, "cause a crash and potentially allow an attacker to take control of the affected system."

The company announced a fix schedule that calls for the Flash bug repair to be released November 9, with the Reader and Acrobat repairs to be released the week of November 15.

Until then, Adobe recommends that users delete or remove or rename the authplay file(s) on their systems. Platform specific authplay delete/remove information is here (scroll down).

Good idea to pass that information along, to mark your calendars for the patch release dates... and to remind your people once more not to open unsolicited e-mail of any sort, and to be hyper-wary of any e-mail with a PDF attachment.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Slideshows
What Digital Transformation Is (And Isn't)
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/4/2019
Commentary
Watch Out for New Barriers to Faster Software Development
Lisa Morgan, Freelance Writer,  12/3/2019
Commentary
If DevOps Is So Awesome, Why Is Your Initiative Failing?
Guest Commentary, Guest Commentary,  12/2/2019
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
The Cloud Gets Ready for the 20's
This IT Trend Report explores how cloud computing is being shaped for the next phase in its maturation. It will help enterprise IT decision makers and business leaders understand some of the key trends reflected emerging cloud concepts and technologies, and in enterprise cloud usage patterns. Get it today!
Slideshows
Flash Poll