By continuing to use this site, you agree to our use of cookies. Find out more
Forum sponsored by:
Forum sponsored by Forum House Ad Zone

Adobe Flash on the Emag reader.

All Topics | Latest Posts

Search for:  in Thread Title in  
John Stevenson08/06/2010 00:02:05
avatar
5068 forum posts
3 photos
Adobe (NSDQ:ADBE) released an advisory Monday for a critical, zero-day vulnerability actively exploited in the wild against Adobe Flash Player, Reader and Acrobat.
Adobe ranked the flaw, which affects Windows, Mac, Solaris, Linux and UNIX platforms, with the highest severity rating of "critical," indicating that it could be subject to remote code execution attacks.

Security researchers report that hackers have already launched "in the wild" attacks on Adobe Flash Player 10.0.45.2, 9.0.262, and earlier 10.0.x and 9.0.x versions for Windows, Macintosh, Linux and Solaris, as well as Adobe Reader and Acrobat 9.3.2 and earlier 9.x versions for Windows, Macintosh and UNIX.

Thus far however, Adobe Flash Player 10.1, which is currently in beta, as well as Adobe Reader and Acrobat 8.x "do not appear to be vulnerable" to an exploit, Adobe said in its advisory.

During an attack, malware, which Symantec (NSDQYMC) researchers have dubbed as Trojan.Pidief, is distributed via an infected PDF file that drops a backdoor onto the victim's computer upon installation of affected Adobe software. Specifically, a malicious SWF file is used in conjunction with an HTML file to download another backdoor Trojan.

In an attack scenario, a hacker could trick a user into opening an infected PDF file, typically through some social engineering scheme delivered via e-mail. Once the infected file was downloaded, malware would be launched designed to crash users' computers or take control of the affected system to steal, alter or delete sensitive data such as financial information, health-care records or intellectual property.

Adobe has yet to release a patch repairing the zero-day flaw. Until then, researchers recommend users deploy a workaround by deleting, renaming, or removing access to the authplay.dll file, which ships with Adobe Reader and Acrobat 9.x. Users will be subject to a non-exploitable crash or error message if they attempt to open a malicious PDF file that contains a Trojan.

Adobe is currently investigating the problem and said that it would update their advisory once a fix schedule is determined. Meanwhile, to mitigate chances of an attack researchers recommend that users keep up-to-date antivirus, download the latest Adobe patches and avoid opening unknown or suspicious emails.

All Topics | Latest Posts

Please login to post a reply.

Magazine Locator

Want the latest issue of Model Engineer or Model Engineers' Workshop? Use our magazine locator links to find your nearest stockist!

Find Model Engineer & Model Engineers' Workshop

Sign up to our Newsletter

Sign up to our newsletter and get a free digital issue.

You can unsubscribe at anytime. View our privacy policy at www.mortons.co.uk/privacy

Latest Forum Posts
Support Our Partners
cowells
Sarik
MERIDIENNE EXHIBITIONS LTD
Shopping Partners
Subscription Offer

Latest "For Sale" Ads
Latest "Wanted" Ads
Get In Touch!

Do you want to contact the Model Engineer and Model Engineers' Workshop team?

You can contact us by phone, mail or email about the magazines including becoming a contributor, submitting reader's letters or making queries about articles. You can also get in touch about this website, advertising or other general issues.

Click THIS LINK for full contact details.

For subscription issues please see THIS LINK.

Digital Back Issues

Social Media online

'Like' us on Facebook
Follow us on Facebook

Follow us on Twitter
 Twitter Logo

Pin us on Pinterest

 

Donate

donate