Attackers Target New Adobe Flash/Reader Flaw
Adobe Systems Inc. said Tuesday it is investigating reports that attackers are exploiting a previously unknown security hole in its Acrobat, Flash and PDF Reader applications.
Adobe's security advisory says the security weakness appears to affect Adobe Reader and Acrobat 9.1.2, as well as Adobe Flash Player 9 and 10.That's about the extent of the information provided by Adobe at this point.
Meanwhile, Symantec says it has seen several instances of this vulnerability being exploited in targeted attacks -- such as those in which the attackers include a poisoned attachment in an e-mail that addresses the recipient by name.
Marc Fossi, manager of development at Symantec, said the attacks the company has seen so far involve booby-trapped PDF files that take advantage of Adobe Flash functions built into Reader. Fossi said none of the attacks so far have used stand-alone Flash, such as a malicious Flash movie embedded in a Web site.
"I don't want people super panicking about this, but the potential is there that this vulnerability could be exploited through Web sites," Fossi said.
Firefox users can block Flash from rendering automatically using add-ons like Noscript, Request Policy, and Adblock Plus. I find Adobe Reader to be slow, and prefer the free Foxit Reader, which I'd recommend over Adobe's PDF reader any day. There are, however, other free PDF reader alternatives as well, including Sumatra PDF and PDF-XChange Viewer.
Update, 5:48 p.m. ET: Computer security firm Purewire writes in to say they have seen Web sites exploiting this vulnerability using poisoned Flash movies. According to them, not a single anti-virus product is detecting the malicious Flash file as harmful.
Purewire says it appears this exploit has been around since at least July 9, but that Adobe has known about the bug since at least December 2008.
Update, July 23, 5:11 p.m.: Adobe has released a more detailed bulletin about this flaw indicates that it is indeed a Flash vulnerability, and that Reader and Acrobat are vulnerable also because they bundle Flash capability. Adobe says it expects to ship an update for Flash Player v. 9 and v.10 on Windows, Mac and Linux systems on July 30, and an update for Windows, Mac and Linux versions of Adobe Reader and Acrobat v. 9.1.2 the following day.
For anyone hankering for a geekier view of how this exploit and vulnerability works, check out FireEye's writeup here.
July 22, 2009; 4:56 PM ET
Categories: Latest Warnings , Safety Tips | Tags: 0day, adobe acrobat reader
Save & Share: Previous: Microsoft Scrambling to Close Stubborn Security Hole
Next: Service Offers to Retrieve Stolen Data, For a Fee
Posted by: mhenriday | July 22, 2009 6:14 PM | Report abuse
Posted by: BTKrebs | July 22, 2009 6:30 PM | Report abuse
Posted by: conspirator5 | July 22, 2009 11:14 PM | Report abuse
Posted by: naud | July 23, 2009 12:50 AM | Report abuse
Posted by: Bartolo1 | July 23, 2009 8:04 AM | Report abuse
Posted by: annanemas | July 23, 2009 8:11 AM | Report abuse
Posted by: bmuller | July 23, 2009 10:13 AM | Report abuse
Posted by: eiverson1 | July 23, 2009 10:26 AM | Report abuse
Posted by: BTKrebs | July 23, 2009 10:27 AM | Report abuse
Posted by: josh15 | July 23, 2009 1:11 PM | Report abuse
Posted by: eiverson1 | July 23, 2009 1:42 PM | Report abuse
Posted by: Apostrophe | July 23, 2009 7:56 PM | Report abuse
Posted by: Hoku1 | July 24, 2009 4:38 PM | Report abuse
Posted by: nethawk888 | July 30, 2009 11:11 AM | Report abuse
The comments to this entry are closed.