Adobe’s Flash and Reader Facing Cyber Attacks Again
Adobe (ADBE) has issued a warning that attackers are exploiting a critical vulnerability in its Flash Player and Adobe Reader. Adobe’s products were previously under attack in July 2009, and Adobe patched that flaw the same month. Some researchers claimed at the time that Adobe had known of this Flash flaw for more than half a year.
According to Adobe, the current bug affects Flash Player 10.0.45.2, the most up-to-date version of the popular media player, as well as older editions on Windows, Macintosh, Linux, and Solaris. PDF viewer Adobe Reader 9.x and PDF creation software Adobe Acrobat 9.x on Windows, Macintosh, and Unix are also vulnerable. Adobe stated in a June 4 security advisory that hackers are already exploiting the flaw. As a result, they would be able to hijack targeted computers. “There are reports that this vulnerability is being actively exploited in the wild against Flash Player, Reader and Acrobat,” the advisory stated.
Danish bug tracker Secunia rated the threat as “extremely critical,” the highest ranking in its five-step scoring system. The U.S. Computer Emergency Readiness Team (US-CERT), an arm of the federal Department of Homeland Security, also posted a warning of the vulnerability. The problem exists not only inside Flash but also within the “authplay.dll” file packaged with every Windows copy of Reader and Acrobat. It can be exploited by rigging PDF documents and using “drive-by attacks” that entice users into viewing malicious Flash streaming-media on attack sites.
The attack comes just after Brad Arkin, Adobe’s director of security and privacy, said in the security spotlight that the company had taken action that resulted in more secure code. He also has repeatedly stated that Adobe abides by its self-imposed, 15-day, rush-patch deadline to fix flaws. If that is the case, the patch should be released no later than June 19.
In the meantime, Reader and Acrobat users are advised to protect themselves by deleting or renaming authplay.dll. Since Flash Player 10.1 Release Candidate “does not appear to be vulnerable,” users can also download this version from Adobe’s website.
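One way to apply the rename mitigation described above on a Windows host, as an added example that is not from Adobe or the original article. The default search root, the `.disabled` suffix and the parameter names are assumptions.

```powershell
# Added example (not Adobe's or the article's code). Renames every authplay.dll
# found under -Root so Reader/Acrobat cannot load it. Close Reader and Acrobat
# first and run elevated. Use -WhatIf to preview without changing anything.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$Root   = $env:ProgramFiles,  # assumption: default search root
    [string]$Suffix = '.disabled'         # assumption: suffix for the renamed file
)

Get-ChildItem -Path $Root -Filter 'authplay.dll' -Recurse -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        $file    = $_
        $newName = $file.Name + $Suffix
        $version = $file.VersionInfo.FileVersion   # read before the file is renamed
        $status  = 'NotChanged'                    # stays this way under -WhatIf

        if (Test-Path -LiteralPath (Join-Path $file.DirectoryName $newName)) {
            # A previous run left a renamed copy next to a live DLL
            # (for example after a repair install); flag it for review.
            $status = 'RenamedCopyAlreadyExists'
        }
        elseif ($PSCmdlet.ShouldProcess($file.FullName, "Rename to $newName")) {
            try {
                Rename-Item -LiteralPath $file.FullName -NewName $newName -ErrorAction Stop
                $status = 'Renamed'
            }
            catch {
                # Typically access denied or the file is locked by a running process.
                $status = "Failed: $($_.Exception.Message)"
            }
        }

        # One record per DLL found, for logging or fleet-wide collection.
        [pscustomobject]@{
            Path        = $file.FullName
            FileVersion = $version
            Status      = $status
        }
    }
```

On 64-bit Windows, run it a second time with `-Root ${env:ProgramFiles(x86)}`, since 32-bit Adobe installs live there.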