Adobe Flash on the Emag reader.

[John Stevenson 1Participant @johnstevenson1]

Adobe (NSDQ:ADBE) released an advisory Monday for a critical, zero-day vulnerability actively exploited in the wild against Adobe Flash Player, Reader and Acrobat.
Adobe ranked the flaw, which affects Windows, Mac, Solaris, Linux and UNIX platforms, with the highest severity rating of “critical,” indicating that it could be subject to remote code execution attacks.

Security researchers report that hackers have already launched “in the wild” attacks on Adobe Flash Player 10.0.45.2, 9.0.262, and earlier 10.0.x and 9.0.x versions for Windows, Macintosh, Linux and Solaris, as well as Adobe Reader and Acrobat 9.3.2 and earlier 9.x versions for Windows, Macintosh and UNIX.

Thus far however, Adobe Flash Player 10.1, which is currently in beta, as well as Adobe Reader and Acrobat 8.x “do not appear to be vulnerable” to an exploit, Adobe said in its advisory.

During an attack, malware, which Symantec (NSDQYMC) researchers have dubbed as Trojan.Pidief, is distributed via an infected PDF file that drops a backdoor onto the victim’s computer upon installation of affected Adobe software. Specifically, a malicious SWF file is used in conjunction with an HTML file to download another backdoor Trojan.

In an attack scenario, a hacker could trick a user into opening an infected PDF file, typically through some social engineering scheme delivered via e-mail. Once the infected file was downloaded, malware would be launched designed to crash users’ computers or take control of the affected system to steal, alter or delete sensitive data such as financial information, health-care records or intellectual property.

Adobe has yet to release a patch repairing the zero-day flaw. Until then, researchers recommend users deploy a workaround by deleting, renaming, or removing access to the authplay.dll file, which ships with Adobe Reader and Acrobat 9.x. Users will be subject to a non-exploitable crash or error message if they attempt to open a malicious PDF file that contains a Trojan.

Adobe is currently investigating the problem and said that it would update their advisory once a fix schedule is determined. Meanwhile, to mitigate chances of an attack researchers recommend that users keep up-to-date antivirus, download the latest Adobe patches and avoid opening unknown or suspicious emails.

[John Stevenson 1Participant @johnstevenson1]

[Author]

Posts