Adobe Reader, Acrobat and Flash Player Vulnerability

muckshifter

muckshifter

I'm not weird, I'm a limited edition.
Moderator
Joined
Mar 5, 2002
Messages
25,752
Reaction score
1,211
Researchers on Wednesday said they have uncovered attacks in the wild in which malicious Acrobat PDF files are exploiting a vulnerability in Flash and dropping a Trojan onto computers.

The situation could affect tons of users since Flash exists in all popular browsers, is available in PDF files, and is largely operating system-independent.

Any software that uses Flash could be vulnerable to the attack, according to Symantec. Adobe Reader is vulnerable because its Flash interpreter is vulnerable, said Paul Royal, principal researcher at Purewire, a Web security services provider.

In a post on its Web site, Adobe said it "is aware of reports of a potential vulnerability in Adobe Reader and Acrobat 9.1.2 and Adobe Flash Player 9 and 10. We are currently investigating this potential issue and will have an update once we get more information."

Full story here

Tempory workround is ...

Disable Flash in Adobe Reader 9 on Windows platforms by renaming the following files: "%ProgramFiles%\Adobe\Reader 9.0\Reader\authplay.dll" and "%ProgramFiles%\Adobe\Reader 9.0\Reader\rt3d.dll".

Disable Flash Player or selectively enable Flash content as described in the Securing Your Web Browser Document.



:user:
 
muckshifter said:
uncovered attacks in the wild in which malicious Acrobat PDF files are exploiting a vulnerability in Flash and dropping a Trojan onto computers.

user.gif
Click to expand...

Thanks for that, Mucks. :thumb:

I use Foxit instead of Adobe so does that mean that there is no problem for me and other Foxit users?
 
Yes, you are OK, however, you may be unaware you are using the "Flash Player" from Adobe, which is also vulnerable.

Check "add/remove programs" to easily see. Simple workaround, uninstall Flash ... bear in mind you will not be able to view some online videos. ;)


:user:
 
That is an excellent guide you found, still relevant even though it was produced in 2006.
nod.gif
 
Fix coming,

"Adobe's own advisory states that versions of Flash Player for all operating systems – including Windows, Mac, Linux, and UNIX – are vulnerable to a denial of service attack, although it only appears to be the Windows which is capable of dropping files and being further exploited. The company has also promised a fix for the issue in Flash by the 30th of July, with a fix for the Adobe Reader flaw due the day after."

http://www.bit-tech.net/news/bits/2009/07/26/adobe-flaw-leads-to-trojan-attack/1

happywave.gif
 
Back
Top