Send tip

Hackers Exploit Newest Adobe Flash Bug

Written on November 01, 2010 by Adam Eve

3 persons

Adobe acknowledged another flaw on their Flash player, as Mila Parkour reported the bug. Users must be aware of some PDF files that are sleeping inside their computers. Or else it may drop a bomb.

Adobe confirmed today that hackers are exploiting a critical un-patched bug in Flash Player. According to a security advisory issued by the company: “There are reports that this vulnerability is being actively exploited in the wild against Adobe Reader and Acrobat.”

Mila Parkour, an independent security researcher, reported that a malicious PDF file document exploits the bug in Reader, then drops a malware on the victimized machine. All versions of Flash on Windows, Mac, Linux, and Android carries the bug by the “Authplay” component of Reader and Acrobat 9.x. And while no patch is available yet, users can protect themselves by deleting the authplay.dll. However, it will crash the Reader and Acrobat when it access a file that contains a Flash content.

Adobe promised to issue a fix by November 9, and will update the Reader and Acrobat a week after that.

View Article Source »

Adobe Warns About Zero-day Hole

Written on September 09, 2010 by Adam Eve

0 person

It's a big "fire in the hole" with Adobe's Acrobat Reader 9.3.4 as exploits has been discovered by the company. There's not patch available yet, so move over before the bomb explodes right at your face.

According to a company statement, Adobe learned last Tuesday that their Acrobat Reader is being exploited in the wild. The vulnerability was found in Adobe Reader 9.3.4 and earlier versions for Macintosh, Windows and Unix. As stated in a security advisory, the hole can enable an attacker to take control of an affected computer and eventually millions of other PCs that uses the Adobe Software. Unfortunately, there no mitigations that can be provided by the company as of the moment. Still, Adobe is actively sharing the information about this issue with partners in the security community to quickly develop detection and quarantine methods. Until a patch becomes available, the schedule for a security update release is still under evaluation.

View Article Source »


View all