http://www.symantec.com/connect/blogs/0-day-attack-wild-adobe-flash-reader-and-acrobat
We have confirmed the attacks that are exploiting the vulnerability (CVE-2010-1297) Adobe announced on its security advisory are in the wild.
The exploit takes advantage of an unpatched vulnerability in Flash Player, Adobe Reader, and Acrobat, and affects users regardless of whether they use Windows, Macintosh, Solaris, Linux, or UNIX. Adobe has categorized this as 'critical', which is the highest level in its severity rating.
Attacks can take place in various situations with a few listed below:
- Receiving an email with a malicious PDF attachment.
- Receiving an email with a link to the malicious PDF file or a website with the malicious SWF embedded in malicious HTML code.
- Stumbling across a malicious PDF or SWF file when surfing the web.
[...]
The attacks seem limited at this point. However, other cyber criminals may jump on the bandwagon to take advantage of the vulnerability in the very near future. So it's advisable that you visit Adobe's security advisory and spend some time investigating what workarounds would be applicable for your environment until a patch is released.
--------------------------------------------------------------------
Mitigation Guidance
Adobe Reader & Acrobat
In the absence of a patch, Adobe recommends deleting, renaming, or removing access to the authplay.dll file that ships with Adobe Reader and Acrobat 9.x. This will mitigate the threat but users will experience a non-exploitable crash or error message when opening a PDF file that contains SWF content.
The authplay.dll that ships with Adobe Reader and Acrobat 9.x for Windows is typically located at C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll for Adobe Reader or C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll for Acrobat.
Adobe Flash Player
Currently, all released 10.0.x and 9.0.x versions of Flash, including the current version (10.0.45.2) are vulnerable. The Flash Player 10.1 Release Candidate “does not appear to be vulnerable,” the company said.
--------------------------------------------------------------------
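The authplay.dll rename workaround from the Reader & Acrobat guidance above, as an added PowerShell example (not code from the Adobe or Symantec advisories). It checks the two install paths quoted on this page, plus the Program Files (x86) root as an assumption for 64-bit Windows, and renames the DLL with a hypothetical ".disabled" suffix. Run it from an elevated prompt; -WhatIf previews without changing anything.

```powershell
# Added example: apply the authplay.dll rename workaround for CVE-2010-1297.
# Reports the state of every candidate path so the result can be audited.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Suffix appended to the renamed file (arbitrary choice, not from the advisory).
    [string]$Suffix = '.disabled'
)

# Install roots: "Program Files" is from the page; the (x86) root is an
# assumption covering 32-bit Reader/Acrobat on 64-bit Windows.
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ } | Select-Object -Unique

# Relative locations quoted on the page for Reader 9.x and Acrobat 9.x.
$relative = @(
    'Adobe\Reader 9.0\Reader\authplay.dll',
    'Adobe\Acrobat 9.0\Acrobat\authplay.dll'
)

$results = foreach ($root in $roots) {
    foreach ($rel in $relative) {
        $dll     = Join-Path $root $rel
        $renamed = "$dll$Suffix"
        $status  = 'NotInstalled'

        if (Test-Path -LiteralPath $dll) {
            if (Test-Path -LiteralPath $renamed) {
                # An update or repair install restored the DLL after an earlier rename.
                $status = 'Restored-NeedsReview'
            } elseif ($PSCmdlet.ShouldProcess($dll, "Rename to $renamed")) {
                Rename-Item -LiteralPath $dll -NewName (Split-Path $renamed -Leaf) -ErrorAction Stop
                $status = 'Mitigated'
            } else {
                # -WhatIf was given or the confirmation prompt was declined.
                $status = 'Present-NotRenamed'
            }
        } elseif (Test-Path -LiteralPath $renamed) {
            $status = 'AlreadyMitigated'
        }
        [pscustomobject]@{ Path = $dll; Status = $status }
    }
}
$results | Format-Table -AutoSize
```

A status of Restored-NeedsReview means both the live DLL and a previously renamed copy exist, so the workaround has been undone and the machine should be rechecked by hand.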
Other links....
Adobe PSIRT: Security Advisory for Flash Player, Reader & Acrobat
http://blogs.adobe.com/psirt/2010/06/security_advisory_for_adobe_re.html
APSA10-01: Security Advisory for Flash Player, Reader & Acrobat
http://www.adobe.com/support/security/advisories/apsa10-01.html
TrendMicro: Zero-Day Flash/Acrobat Exploit Seen In The Wild
http://blog.trendmicro.com/zero-day-flashacrobat-exploit-seen-in-the-wild/
BID: Adobe Flash, Reader, and Acrobat 'authplay.dll' RCE Vulnerability
http://www.securityfocus.com/bid/40586
Adobe Labs: Adobe Flash Player 10.1 Release Candidate
http://labs.adobe.com/technologies/flashplayer10/