New Zero-Day Vulnerabilities in Adobe Flash Player


When it comes to malware exploits, Adobe’s Flash and PDF software can’t seem to catch a break recently.

A vulnerability was recently found in both the Mac and Windows versions of Adobe’s Acrobat and Reader products that could allow an attacker to crash the programs and gain control of the system. So far only attacks on Windows machines have been found, but Mac systems could be affected as well.

Now two similar vulnerabilities have been found in Adobe’s Flash Player, which likewise could result in arbitrary code being executed on the system.

The flaws were found by a Russian vulnerability research company and advisories have been issued. So what is the vulnerability?

Apparently the vulnerability bypasses anti-exploitation features in Windows such as DEP and ASLR, and can get around the Internet Explorer sandbox (there is no information on how other browsers handle the issue).

While Intevydis has so far shown the exploit on Windows machines, apparently it works on OS X as well.

The vulnerability, as of December 9, had only been partially addressed by Adobe.

So far Adobe has only addressed these exploits for version 9.x of its Reader and Acrobat products for Windows; fixes for the other versions are due in about a month’s time. Adobe has not yet issued a response to the current findings regarding Flash Player.

If one heavily utilizes Adobe Flash Player, it may be wise to find an interim alternative to block unwanted Flash, considering this:

Unlike malware that is directly downloaded to a system and scanned, these malware attempts run through the Flash Player or Adobe Reader programs themselves, making it harder for malware scanners to detect them.

So should Adobe be moving faster to address this issue or is the risk overstated?


About brvanlanen

Just a thirty-something guy currently hanging it up in the greater Green Bay area. My post-high school educational background is mainly in the Information Technology field. Specifically, I have an A.A.S. in Computer Network Systems and a B.S. in Information Systems Security, both from ITT Technical Institute, in addition to A+ and MCDST certifications. In my free time I enjoy spending time with my family, cooking and sports. My Christian faith is also important to me as a Missouri-Synod Lutheran and all my children attend a Lutheran grade school. When it comes to political leanings I am a conservative first and foremost, which you will discover rather quickly. As for sports, I am a huge fan of the Green Bay Packers.

Posted on December 13, 2011, in Adobe, Cybersecurity, Hacking, Security, vulnerability. 1 Comment.

  1. Good Read, and thanks for the pingback.
