Sunday, April 17, 2011

Adobe Flash Hit By Another Zero-Day Bug


Adobe this week warned of a critical bug in Flash Player 10.2 that could cause crashes and potentially allow a hacker to take control of an affected system.
The company said Monday that it is in the process of finalizing a schedule for delivering updates to affected versions. At this point, the vulnerability exists in Flash Player 10.2.153.1 and earlier versions for Windows, Macintosh, Linux and Solaris, Adobe Flash Player 10.2.156.12 and earlier versions for Android, and the Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Mac.
"There are reports that this vulnerability is being exploited in the wild in targeted attacks via a Flash (.swf) file embedded in a Microsoft Word (.doc) file delivered as an email attachment, targeting the Windows platform," Adobe said in its advisory.
Adobe said it was not aware of PDF-related attacks in Reader or Acrobat, and Adobe Reader X Protected Mode mitigations would prevent that type of exploit from happening. As a result, the bug for Adobe Reader X for Windows will be addressed in the next quarterly update for Adobe Reader on June 14.
As PCMag's Larry Seltzer points out, this type of vulnerability might sound familiar. It's quite similar to another Flash zero-day from several weeks ago that was embedded in an Excel file and used to attack RSA. Brian Krebs also noted that only one of the 42 anti-malware engines on VirusTotal could detect this attack.
Source: PC Mag
