Adobe Warns of PDF, Flash Zero Day Attacks
Recently, on September 13, 2010, Adobe released a security advisory cautioning users of a critical Flash Player flaw that is actively being used in zero-day attacks by cyber hackers.
The warning accredited Shadowserver Foundation's Steven Adair for reporting the flaw.
The dangerous flaw occurs in Adobe Flash Player 10.1.82.76 along with previous versions for Windows, Solaris, Mac, Android, and Linux. The virus also distresses Adobe Reader 9.3.4 for Windows, UNIX, and Mac plus Adobe Acrobat 9.3.4 and former versions for Mac and Windows.
Particularly, the fault allows hackers to execute a malicious attack that could crash users' systems and manipulate affected computer to access personal information like financial accounts and personal information. Attackers can also scam users into installing malicious code onto their computers by means of an infected media or PDF file, typically through some kind of social engineering trick.
According to an Adobe spokeswoman the attacks were distinguished as limited and aimed and targeted only at Window users, as reported by ComputerWorld on September 13, 2010.
Adobe stated that it is planning to launch a patch to tackle with the flaw in its Flash Player software during the last week of September, 2010. Whereas, patches for its Acrobat and Reader software are planned for the week of October 4, 2010.
This latest vulnerability advisory marks the second zero-day flaw distressing Adobe's Reader and Acrobat software. On September 7, 2010, Adobe cautioned regarding a different virus affecting Reader and Acrobat. This flaw (CVE-2010-2883) is being actively exploited by the cybercriminals and can also cause a crash to the system.
The attacks have been termed as "clever" and "scary" for the technique they evade significant Windows defenses. Affected software consists of: Adobe Acrobat 9.3.4 and former versions for Macintosh and Windows; and Adobe Reader 9.3.4 and previous versions for UNIX, Windows, and Macintosh.
Finally, security experts stated that attacks and flaws are not new to Adobe software. In fact, security company F-Secure in March 2010 stated that Acrobat/Reader was the one application that was most repeatedly attacked by malware in 2009. Users are recommended to be vigilant and be cautious of the various ongoing attacks.
Related article: Adobe Rates Acrobat Vulnerabilities “Critical”
» SPAMfighter News - 25-09-2010