Adobe Reader, Acrobat and Flash Player Vulnerability

muckshifter

muckshifter

I'm not weird, I'm a limited edition.
Moderator
Joined
Mar 5, 2002
Messages
25,739
Reaction score
1,204
Researchers on Wednesday said they have uncovered attacks in the wild in which malicious Acrobat PDF files are exploiting a vulnerability in Flash and dropping a Trojan onto computers.

The situation could affect tons of users since Flash exists in all popular browsers, is available in PDF files, and is largely operating system-independent.

Any software that uses Flash could be vulnerable to the attack, according to Symantec. Adobe Reader is vulnerable because its Flash interpreter is vulnerable, said Paul Royal, principal researcher at Purewire, a Web security services provider.

In a post on its Web site, Adobe said it "is aware of reports of a potential vulnerability in Adobe Reader and Acrobat 9.1.2 and Adobe Flash Player 9 and 10. We are currently investigating this potential issue and will have an update once we get more information."

Full story here

Tempory workround is ...

Disable Flash in Adobe Reader 9 on Windows platforms by renaming the following files: "%ProgramFiles%\Adobe\Reader 9.0\Reader\authplay.dll" and "%ProgramFiles%\Adobe\Reader 9.0\Reader\rt3d.dll".

Disable Flash Player or selectively enable Flash content as described in the Securing Your Web Browser Document.



:user:
 
nivrip

nivrip

Yorkshire Cruncher
Joined
Mar 21, 2007
Messages
10,888
Reaction score
2,138
muckshifter said:
uncovered attacks in the wild in which malicious Acrobat PDF files are exploiting a vulnerability in Flash and dropping a Trojan onto computers.

user.gif
Click to expand...

Thanks for that, Mucks. :thumb:

I use Foxit instead of Adobe so does that mean that there is no problem for me and other Foxit users?
 
muckshifter

muckshifter

I'm not weird, I'm a limited edition.
Moderator
Joined
Mar 5, 2002
Messages
25,739
Reaction score
1,204
Yes, you are OK, however, you may be unaware you are using the "Flash Player" from Adobe, which is also vulnerable.

Check "add/remove programs" to easily see. Simple workaround, uninstall Flash ... bear in mind you will not be able to view some online videos. ;)


:user:
 
Abarbarian

Abarbarian

Acruncher
Joined
Sep 30, 2005
Messages
11,023
Reaction score
1,221
That is an excellent guide you found, still relevant even though it was produced in 2006.
nod.gif
 
Abarbarian

Abarbarian

Acruncher
Joined
Sep 30, 2005
Messages
11,023
Reaction score
1,221
Fix coming,

"Adobe's own advisory states that versions of Flash Player for all operating systems – including Windows, Mac, Linux, and UNIX – are vulnerable to a denial of service attack, although it only appears to be the Windows which is capable of dropping files and being further exploited. The company has also promised a fix for the issue in Flash by the 30th of July, with a fix for the Adobe Reader flaw due the day after."

http://www.bit-tech.net/news/bits/2009/07/26/adobe-flaw-leads-to-trojan-attack/1

happywave.gif
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Adobe vulnerable, again 0
Microsoft patches Windows zero-day found in Hacking Team's leaked docs 4
( O T ) Security Advisory for Adobe Reader and Acrobat | Vulnerability identifier: APSB10-17 2
Please, uninstall Adobe Reader 14
Adobe Acrobat Reader glitch 11
Secunia's Q2/2010 vulnerability report 1
buffer overflow in adobe reader 8/9 8
Security Updates available for Adobe Reader and Acrobat 2

Top