Adobe warns that a vulnerability has been found in the current versions of Adobe Flash Player on all supported platforms. Affected are not only Flash Player installations but also Adobe Reader and Acrobat, via the “authplay.dll” Flash Player integration. Currently there is no mitigation that helps against exploitation, so for the time being it is good advice to open only expected documents from trusted sources.
Adobe explains that it found an Excel sheet with malicious SWF content exploiting the vulnerability, sent as an email attachment in a very limited, targeted attack. The reason for this is simple: one wouldn’t expect such malicious content in an Excel sheet, so not opening unrequested documents is a way to mitigate the risk. Adobe plans to have an update ready by next week, around the 21st of March, and will ship it immediately then. For Adobe Reader X the patch will take a little longer, as the integrated sandbox prevents a successful exploit.
Avira products detect the exploit as EXP/CVE-2011-0609.
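A triage heuristic for the delivery vector described above, an Excel attachment carrying SWF content, as an added example (not Avira's detection logic and not code from Adobe): it scans a legacy OLE2 Office file for plausible SWF headers. The function names, the constructed sample bytes and the version bound are assumptions of this illustration; a hit means "contains Flash content", not "is the CVE-2011-0609 exploit".

```python
import struct
import zlib

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .xls/.doc/.ppt container

def _body_ok(sig, data, pos, length):
    if sig == b"FWS":                      # uncompressed: declared size must fit
        return length <= len(data)
    chunk = data[pos + 8:pos + 72]         # CWS: body must start a zlib stream
    if len(chunk) < 2:
        return False
    try:
        zlib.decompressobj().decompress(chunk)
        return True
    except zlib.error:
        return False

def find_embedded_swf(data):
    """Return sorted (offset, signature, version, declared_length) tuples."""
    hits = []
    for sig in (b"FWS", b"CWS"):
        pos = data.find(sig)
        while pos != -1:
            header = data[pos:pos + 8]
            if len(header) == 8:
                version = header[3]
                (length,) = struct.unpack("<I", header[4:8])
                # 1..64 is a loose bound on the SWF version byte (assumption).
                if 1 <= version <= 64 and length > 8 and _body_ok(sig, data, pos, length):
                    hits.append((pos, sig.decode(), version, length))
            pos = data.find(sig, pos + 1)
    return sorted(hits)

def triage_attachment(data):
    """Flag OLE2 Office files that carry Flash content for manual review."""
    is_ole2 = data.startswith(OLE2_MAGIC)
    # Raw scan only; a stream fragmented across OLE sectors can evade it, and
    # OOXML (.xlsx) parts are ZIP-compressed and must be unpacked first.
    hits = find_embedded_swf(data) if is_ole2 else []
    return {"ole2": is_ole2, "swf": hits, "quarantine": bool(hits)}

# Constructed samples: OLE2 magic + padding + minimal SWF-like blob, not real workbooks.
def sample_xls(blob):
    return OLE2_MAGIC + b"\x00" * 504 + blob + b"\x00" * 64
FWS_SAMPLE = b"FWS" + bytes([10]) + struct.pack("<I", 21) + b"\x00" * 13
CWS_SAMPLE = b"CWS" + bytes([10]) + struct.pack("<I", 21) + zlib.compress(b"\x00" * 13)

if __name__ == "__main__":
    for name, blob in (("fws", FWS_SAMPLE), ("cws", CWS_SAMPLE), ("clean", b"")):
        print(name, triage_attachment(sample_xls(blob)))
```

The header checks exist to keep cell text that happens to contain "FWS" or "CWS" from raising an alert; flagged files still need analysis by a scanner or an analyst.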
Dirk Knop
Technical Editor
Posted on 16 March 2011. Tags: Adobe, critical, flaw, Patch, Without
The above information is reprinted from and copyrighted © by Avira.