Adobe released a security advisory in which it warns from a zero-day vulnerability within current version of Adobe Flash Player, Reader and Acrobat. Affected are Flash Player 10.2.153.1 and earlier versions for Windows, Mac, Linux and Solaris, the current version integrated in the Chrome web browser, and 10.2.156.12 and earlier versions for Android. The authplay.dll component of current and older version of Adobe Acrobat and Reader are also affected; according to Adobe, the sandbox of Acrobat Reader X prevents from execution of malicious payloads though.
The vulnerability allows attackers to inject malicious code with manipulated documents. Currently targeted attacks are reported by Adobe which use a Word document with a specially prepared Flash Player file (.swf) embedded to infect victims.
The company currently is finalizing a schedule for updated software versions. Until those updates are available, users should take care of which documents they open. Suspicious are documents which are sent without expecting them.
Dirk Knop
Technical Editor
Related Posts
- Finjan prevents 0-day exploit of Adobe Acrobat Reader and Flash player vulnerability
Finjan’s Malicious Code Research Center (MCRC) has detected yet another case of a 0-day attack “in the wild”. This time, hackers are exploiting a vulnerability (CVE-2009-1862) in Adobe Acrobat/Reader... - Adobe Flash Player & Adobe Reader and Acrobat 0-day (CVE-2010-3654)
Websense® Security Labs™ has received reports of a new zero-day exploit that targets the Adobe Flash Player. Our customers are protected from this latest vulnerability by ACE, our ... - Adobe Fixes Flash Player Bugs, Acrobat and Reader Still Vulnerable
Adobe fixed one of the two zero-day vulnerabilities that were revealed in the past two weeks. Earlier this week, Adobe rushed out a new version of Flash Player, which fixed the critical vulnerability... - Adobe Patches Flash Player within Acrobat, Reader
Adobe has released security updates for Acrobat and Reader that actually fix vulnerabilities within the Flash player.
View full post on PCMag.com Security Coverage... - Cross-platform Security Advisory for Flash Player, Adobe Reader and Acrobat
Ouch. This affects virtually everyone including Mac, Linux, and Windows users. More can be found here at the PSIRT site. And yes, there is malware already associated already with it.
A critical vul... - Zero-day Attack in the Wild for Adobe Flash, Reader, and Acrobat
We have confirmed the attacks that exploit the vulnerability (CVE-2010-1297) that Adobe announced on its security advisory are in the wild.
View full post on ... - Adobe 0-day vulnerability in Flash, Adobe Reader and Acrobat (CVE-2010-1297)
Adobe announced a new 0-day vulnerability in Flash, Adobe Reader and Adobe Acrobat over the weekend. The vulnerability lies in how Flash and Adobe Reader/Acrobat handles a specially formatted SWF file... - Security Advisory for Flash Player, Adobe Reader and Acrobat, (Sat, Jun 5th)
Adobe has released an advisory that a critical vulnerability exists for Windows, Macintosh, Linux and Solaris in the Adobe Flash Player version 10.0.45.2 and earlier as well as in the authplay.dll com... - Adobe updates Reader and Acrobat
A little earlier as announced, Adobe released updated versions of Adobe Acrobat and Reader. These programs were vulnerable to the Flash Player zero-day-vulnerability as well, which was fixed last week... - Flash Player Update available
Just a short notice on the now available Adobe Flash Player Update: Version 10.2.159.1 has been released which fixes the critical security vulnerability which allow attackers to infect computers with ...
Posted on 12 April 2011. Tags: Acrobat, Adobe, flash, player, reader, Vulnerability, ZeroDay
The above information is reprinted from and copyrighted © by Avira.
