|11 Apr 2011||#1|
Adobe warns of new Flash Player zero-day attack
Once again folks......
Hackers are embedding malicious Flash Player files in Microsoft Word documents to launch targeted attacks against select businesses, according to a warning from Adobe.
This latest Flash Player zero-day attack comes just weeks after EMC’s RSA Division was hit with a malware attack that used a rigged Flash (.swf) file embedded in a Microsoft Excel document.
In both cases, the attacks are being used to steal corporate secrets.
Here’s the gist of the latest Flash Player zero-day:
A critical vulnerability exists in Flash Player 10.2.153.1 and earlier versions (Adobe Flash Player 10.2.154.25 and earlier for Chrome users) for Windows, Macintosh, Linux and Solaris, Adobe Flash Player 10.2.156.12 and earlier versions for Android, and the Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems.
This vulnerability (CVE-2011-0611) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being exploited in the wild in targeted attacks via a Flash (.swf) file embedded in a Microsoft Word (.doc) file delivered as an email attachment, targeting the Windows platform. At this time, Adobe is not aware of any attacks via PDF targeting Adobe Reader and Acrobat. Adobe Reader X Protected Mode mitigations would prevent an exploit of this kind from executing.
Adobe says it is in the process of finalizing a schedule for delivering patches for Flash Player 10.2.x and earlier versions for Windows, Macintosh, Linux, Solaris and Android, Adobe Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh, Adobe Reader X (10.0.2) for Macintosh, and Adobe Reader 9.4.3 and earlier 9.x versions for Windows and Macintosh.
Because Adobe Reader X Protected Mode would prevent an exploit of this kind from executing, Adobe plans to fix this issue in Adobe Reader X for Windows with the next quarterly security update for Adobe Reader, currently scheduled for June 14, 2011.
AFFECTED SOFTWARE VERSIONS
Adobe warns of new Flash Player zero-day attack | ZDNet
|My System Specs|
|11 Apr 2011||#2|
The frequent amount of 0 days being found in Adobe products is becoming quite troublesome. It's enough hassle having to update my XP guest computer semi-frequently, but to have to do it for all three of my computers' would be rather time consuming. Is why I removed Adobe Reader/Flash from my two Windows 7 computers.
Yes Flash does have a high profile, just like the Windows OS's does, hence why they are frequently targeted. HOWEVER, I have only ever been affected by one Windows exploit and that was quite some years ago, back when I only had XP computers. It was the Windows blaster virus. No Windows exploit before or after that has affected my computers. My current XP guest computer on the other hand has been hit once or twice by Flash exploits when relatives came around and their kids did some casual browsing but it's easily restored and contains no personal data (almost like a dumb terminal but not )
|My System Specs|
|Similar help and support threads for2: Adobe warns of new Flash Player zero-day attack|
|IE9 vs. Adobe Flash Player 11||Browsers & Mail|
|Adobe warns of 'critical' Flash Player security holes 3/6/12||Security News|
|Adobe Flash Player 10.3||Browsers & Mail|
|New Adobe Flash Attack -Fix is out||News|
|HELP with Adobe Flash Player||Browsers & Mail|
|Adobe Flash Player||Software|
|Adobe Flash Player||Browsers & Mail|
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.
© Designer Media Ltd
All times are GMT -5. The time now is 10:41 AM.