Adobe Reader, Acrobat and Flash Player Vulnerability


muckshifter

I'm not weird, I'm a limited edition.
Moderator
Joined
Mar 5, 2002
Messages
25,547
Reaction score
1,058
Researchers on Wednesday said they have uncovered attacks in the wild in which malicious Acrobat PDF files are exploiting a vulnerability in Flash and dropping a Trojan onto computers.

The situation could affect tons of users since Flash exists in all popular browsers, is available in PDF files, and is largely operating system-independent.

Any software that uses Flash could be vulnerable to the attack, according to Symantec. Adobe Reader is vulnerable because its Flash interpreter is vulnerable, said Paul Royal, principal researcher at Purewire, a Web security services provider.

In a post on its Web site, Adobe said it "is aware of reports of a potential vulnerability in Adobe Reader and Acrobat 9.1.2 and Adobe Flash Player 9 and 10. We are currently investigating this potential issue and will have an update once we get more information."

Full story here

Tempory workround is ...

Disable Flash in Adobe Reader 9 on Windows platforms by renaming the following files: "%ProgramFiles%\Adobe\Reader 9.0\Reader\authplay.dll" and "%ProgramFiles%\Adobe\Reader 9.0\Reader\rt3d.dll".

Disable Flash Player or selectively enable Flash content as described in the Securing Your Web Browser Document.



:user:
 
Ad

Advertisements

nivrip

Yorkshire Cruncher
Joined
Mar 21, 2007
Messages
9,056
Reaction score
1,692
muckshifter said:
uncovered attacks in the wild in which malicious Acrobat PDF files are exploiting a vulnerability in Flash and dropping a Trojan onto computers.

Thanks for that, Mucks. :thumb:

I use Foxit instead of Adobe so does that mean that there is no problem for me and other Foxit users?
 

muckshifter

I'm not weird, I'm a limited edition.
Moderator
Joined
Mar 5, 2002
Messages
25,547
Reaction score
1,058
Yes, you are OK, however, you may be unaware you are using the "Flash Player" from Adobe, which is also vulnerable.

Check "add/remove programs" to easily see. Simple workaround, uninstall Flash ... bear in mind you will not be able to view some online videos. ;)


:user:
 

Abarbarian

Acruncher
Joined
Sep 30, 2005
Messages
10,640
Reaction score
1,014
That is an excellent guide you found, still relevant even though it was produced in 2006.
 
Ad

Advertisements

Abarbarian

Acruncher
Joined
Sep 30, 2005
Messages
10,640
Reaction score
1,014
Fix coming,

"Adobe's own advisory states that versions of Flash Player for all operating systems – including Windows, Mac, Linux, and UNIX – are vulnerable to a denial of service attack, although it only appears to be the Windows which is capable of dropping files and being further exploited. The company has also promised a fix for the issue in Flash by the 30th of July, with a fix for the Adobe Reader flaw due the day after."

http://www.bit-tech.net/news/bits/2009/07/26/adobe-flaw-leads-to-trojan-attack/1

 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top