Adobe Fixes Critical Flaw In Flash Player Undergoing Active Exploitation
Adobe, on September 20, 2010, issued a security patch so it could fix one critical flaw inside Flash.
Reports the company, the flaw impacts its Flash Player application version 10.1.82.76 as also older running on Macintosh, Solaris, Linux and Windows. It even impacts Flash Player 10.1.92.10 that may be on Android. By exploiting it, an attacker can execute software on Adobe Reader; however, a patch for Reader is expected not before the week starting October 4, 2010.
Earlier, Adobe in fact, had revealed certain particulars regarding the threat in addition to stating that hackers with it could wholly compromise PCs using the application. Moreover, it's reported that malicious people are continually exploiting the threat on Adobe Flash Player installed on Windows. Theregister.co.uk published this on September 20, 2010.
Encouragingly, the patch plugs one out of 2 known zero-day flaws which attackers are using against users of Adobe. Meanwhile, from reports already made, an extremely sophisticated attack through electronic mails is trying to load malicious software on Windows systems via deceptively making recipients to view a booby-trapped PDF document. Now, primary to this attack is a buffer overflow flaw, which has been impacting Reader on non-Windows systems too.
Said Trend Micro's Jonathan Leopando, the company had spotted malevolent ShockWave Flash (.SWF) files abusing the flaw that it dubbed TROJ_SWIF.HEL. He explained that the Trojan served like a downloader of malicious programs. SCMagazineUK.com published this on September 21, 2010.
Leopando further stated that the Trojan linked up with certain URLs that resulted in programs identified as BKDR_POISON.AKD, which in turn linked up with a remote Korean server. Samples of BKDR_POISON typically activated an invisible IE to link up with certain ports, he added.
Remarking about the new security patch, Senior Security Advisor Chester Wisniewski from Sophos the security company stated that it was a critical update, which users must install urgently. According to him, the related vulnerability had been exploited ever-since early September 2010 if not before. Moreover, updates for Adobe Acrobat and Reader to plug the current as also other holes were scheduled for release on October 4, 2010, he declared. SCMagazineUK.com reported this.
Related article: Adobe Rates Acrobat Vulnerabilities “Critical”
» SPAMfighter News - 01-10-2010