Adobe Unearths Zero Day in Flash, Reader

Wednesday, March 16, 2011 @ 08:03 PM gHale

A hacker could exploit an unpatched vulnerability in Adobe Flash Player to inject and execute malicious code, Adobe officials said.

There are reports of targeted attacks in which victims, rather than luring them to a crafted webpage, received infected Excel files via email. These contained a crafted SWF file which ran in Flash Player when the Excel file opened.

Version 10.x for Windows, Mac OS X, Linux and Android, and the embedded Flash plug-in for Chrome, are all reportedly affected. Versions 10.x and 9.x of Adobe Reader and Acrobat for Windows and Mac are also vulnerable, as they contain the same bug in their integrated authplay.dll Flash engine. In at least the Windows edition of version 10 (aka X) the bug cannot exploit the system. The sandbox function prevents malicious code from accessing the operating system, blocking attackers from installing malware. To date there have been no attacks on Adobe Reader.

The exploit used for the current attacks will run in Windows XP, but not in Windows 7, due to its additional security features (DEP, ASLR), according to Kaspersky. Adobe is working on a patch and plans to release updates for Flash Player, Reader and Acrobat by next week. The Windows version of Reader X is not due until mid-June, as the sandbox is, in Adobe’s view, sufficient to prevent the worst for now.

Leave a Reply

You must be logged in to post a comment.