
Adobe investigates zero-day Flash attacks

Elinor Mills CNET News

Published: 23 Jul 2009 17:05 BST


On Wednesday, researchers at Symantec announced that they have uncovered attacks where malicious Adobe Acrobat PDF files are exploiting a vulnerability in Flash and dropping Trojans onto computers.

The situation could affect a large number of users, since Flash exists in all popular browsers, is available in PDF files and is largely operating system-independent.

Any software that uses Flash could be vulnerable to an attack, according to Symantec. Adobe Reader is vulnerable because its Flash interpreter is vulnerable, said Paul Royal, principal researcher at Purewire, a web security services provider.

In a post on its website, Adobe said it "is aware of reports of a potential vulnerability in Adobe Reader and Acrobat 9.1.2 and Adobe Flash Player 9 and 10. We are currently investigating this potential issue and will have an update once we get more information."

"The authors of the exploit have managed to take a bug and turn it into a reliable exploit using a heap spray technique," wrote Patrick Fitzgerald on a Symantec security blog post.

"Typically an attacker would entice a user to visit a malicious website or send a malicious PDF via email," he continued. "Once the unsuspecting user visits the website or opens the PDF, this exploit will allow further malware to be dropped onto the victim's machine. The malicious PDF files are detected as Trojan.Pidief.G and the dropped files as Trojan Horse."

It appears the exploit was first developed two weeks ago, Royal said. The bug itself has been around since December 2008.

The hole is exploitable on Windows XP, and Vista users are protected if User Account Control (UAC) is enabled, Symantec said.

US-CERT has offered information about workarounds on its website:

  • Disable Flash in Adobe Reader 9 on Windows platforms by renaming the following files:
    "%ProgramFiles%\Adobe\Reader 9.0\Reader\authplay.dll" and
    "%ProgramFiles%\Adobe\Reader 9.0\Reader\rt3d.dll"
  • Disable Flash Player or selectively enable Flash content as described in the 'Securing Your Web Browser' document.
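
One way to apply and audit the first workaround on a Windows machine, as an added example that is not from US-CERT, Adobe or the original article. The function name, the `.disabled` suffix and the status strings are choices made for this example.

```powershell
function Disable-ReaderFlash {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Default is the directory named in the workaround. On 64-bit Windows,
        # 32-bit programs install under ${env:ProgramFiles(x86)}; pass that
        # path with -ReaderDir if Reader lives there.
        [string]$ReaderDir = (Join-Path $env:ProgramFiles 'Adobe\Reader 9.0\Reader'),
        [string]$Suffix = '.disabled'   # example choice, not from the advisory
    )

    foreach ($name in 'authplay.dll', 'rt3d.dll') {
        $path    = Join-Path $ReaderDir $name
        $renamed = $path + $Suffix

        if (Test-Path -LiteralPath $path) {
            # The DLL is still where Reader will load it from.
            $status = 'StillPresent'
            if ($PSCmdlet.ShouldProcess($path, "rename to $name$Suffix")) {
                try {
                    # -Force replaces a stale renamed copy from an earlier run,
                    # for example after a Reader update restored the DLL.
                    Move-Item -LiteralPath $path -Destination $renamed -Force -ErrorAction Stop
                    $status = 'Disabled'
                } catch {
                    # Typical causes: prompt not elevated, or Reader is open
                    # and holds the file.
                    $status = "Failed: $($_.Exception.Message)"
                }
            }
        } elseif (Test-Path -LiteralPath $renamed) {
            $status = 'AlreadyDisabled'
        } else {
            $status = 'NotFound'   # Reader 9 is not installed in this directory
        }

        # One record per file, suitable for collecting across machines.
        [pscustomobject]@{ File = $path; Status = $status }
    }
}

# Audit only: reports StillPresent for any DLL that has not been renamed.
Disable-ReaderFlash -WhatIf

# Apply the workaround (run from an elevated prompt with Reader closed):
# Disable-ReaderFlash
```

A `StillPresent` result on a machine that was previously remediated means the DLL has come back and the workaround needs to be reapplied.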

 

Credit: Adobe investigating zero-day bug in Flash from CNET News
