Adobe Hit by Yet Another Flash 0-day Exploit

I’m concerned about the recent security issues with Adobe products too … but what’s the alternative?

Some time ago I made the decision to dump the two popular Adobe products Adobe Flash and Adobe Reader from my system. Since then, Adobe has had no rest, as the company has been hit by one 0-day exploit after another. What made matters worse was the time it took to fix the underlying vulnerabilities, which was usually a week at best and often a month or more.

In the meantime, user systems were susceptible to those attacks. The latest critical vulnerability in Flash was revealed in a security advisory on the Adobe website.

The critical vulnerability affects all Flash Player versions on all supported operating systems – yes, even Android – and impacts not only systems running Flash, but also systems running Adobe Reader 9.3.4 and Adobe Acrobat 9.3.4.

Adobe states that “this vulnerability could cause a crash and potentially allow an attacker to take control of the affected system”, with reports that the vulnerability is already being actively exploited in the wild “against Adobe Flash Player on Windows”.

Adobe expects to provide an update during the week of September 27 for Adobe Flash Player, and October 4 for Adobe Reader and Acrobat.

Until then, all users running Adobe Flash or Adobe Reader / Acrobat are vulnerable to the critical weakness. Make sure your security software detects exploit attempts against the vulnerability and blocks them from executing.

One question that Chrome readers may have in mind: Is the built-in Flash plugin also susceptible to attacks? In short, yes it is. The latest Chrome internal Flash Player plugin version is listed as 10.1.82.76, which is exactly the version that is vulnerable. The design of the browser may, however, mitigate the impact on the system, as may the out-of-process feature of the Firefox web browser.

We say “may” because we have no confirmation at this point.


© Martin for gHacks Technology News, 2010.