Adobe acknowledges serious Flash zero-day vulnerability

UPDATED: Adobe Systems Inc. said it was investigating a potential Adobe Flash error. Symantec discovered attacks exploiting an error in a Flash component.

Adobe Systems Inc. is investigating reports of a new zero-day vulnerability affecting a Flash component that is being targeted by attackers in the wild.


In a brief announcement on its Adobe Product Security Incident Response Team blog, Brad Arkin, the company's director for product security and privacy, said the potential Flash error affects Adobe Reader and Acrobat 9.1.2 and Adobe Flash Player 9 and 10.

"We are currently investigating this potential issue and will have an update once we get more information," Arkin wrote.

Symantec Corp. said its Security Response researchers recently came into possession of an Adobe Acrobat PDF file that exploits an Adobe Flash vulnerability, then drops a Trojan onto the user's system and executes it.

"The authors have taken a bug and turned it into an exploit. Once the unsuspecting user visits the website or opens the PDF, this exploit will allow further malware to be dropped on the victim's machine and possibly open a back door," wrote Symantec security researcher Patrick Fitzgerald, on the Symantec security blog.

Fitzgerald said the Flash vulnerability is serious since it could affect multiple products and platforms. Any software that uses Flash is potentially vulnerable. The PDF exploiting the vulnerability includes multiple Flash streams (FWS). Fitzgerald said the Flash component vulnerability is also exploitable on Windows Vista, but the dropped executables do not run if UAC is enabled.
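A triage check for the detail above, that the PDF carries embedded Flash streams: this added example is not from Adobe or Symantec. It lists stream objects in a PDF whose content starts with an SWF signature, either directly or after FlateDecode inflation. The `CWS` (compressed SWF) signature goes beyond the `FWS` marker the article names, and the sample bytes are constructed.

```python
import re
import struct
import zlib

# SWF header: 3-byte signature, 1-byte version, 4-byte little-endian length.
SWF_MAGICS = (b"FWS", b"CWS")  # FWS = uncompressed, CWS = zlib-compressed body
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)


def _inflate(data):
    """Inflate a FlateDecode stream; return None if the data is not zlib."""
    try:
        # decompressobj tolerates a clipped trailer or trailing bytes
        return zlib.decompressobj().decompress(data)
    except zlib.error:
        return None


def find_embedded_swf(pdf_bytes):
    """Return (stream_offset, signature, swf_version, declared_length) per hit.

    Only unfiltered and FlateDecode streams are checked; streams inside
    object streams or behind other filters or encryption are not seen.
    """
    hits = []
    for match in STREAM_RE.finditer(pdf_bytes):
        raw = match.group(1)
        for body in (raw, _inflate(raw)):
            if body and len(body) >= 8 and body[:3] in SWF_MAGICS:
                version, length = struct.unpack("<BI", body[3:8])
                hits.append((match.start(1), body[:3].decode(), version, length))
                break
    return hits


def _obj(num, dictionary, data):
    """Build one constructed PDF stream object (no /Length, not a valid PDF)."""
    return b"%d 0 obj\n<< %s >>\nstream\n%s\nendstream\nendobj\n" % (num, dictionary, data)


# Constructed sample: a bare SWF header (no tags), Flate-wrapped, plus a text stream.
_SWF_HEADER = b"FWS" + struct.pack("<BI", 9, 21) + b"\x00" * 13
SAMPLE_PDF = (b"%PDF-1.7\n"
              + _obj(1, b"/Filter /FlateDecode", zlib.compress(_SWF_HEADER))
              + _obj(2, b"", b"BT (hello) Tj ET")
              + b"%%EOF\n")

if __name__ == "__main__":
    for offset, sig, version, length in find_embedded_swf(SAMPLE_PDF):
        print(f"stream at byte {offset}: {sig} v{version}, declared {length} bytes")
```

A hit means only that the document embeds Flash content and deserves closer inspection; it says nothing about whether that content is malicious.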

The attacks began surfacing about two days ago, according to Symantec. The Trojan is embedded in a malicious PDF file. Once the Trojan is installed on a victim's machine, it attempts to contact a website to download more malware, said Marc Fossi, manager of research and development for Symantec Security Response.

Flash has a wide install base and is generally targeted in browser-based exploits to install malicious code on a victim's computer. Applications that have wide install bases are popular targets of attackers, because they can exploit the widest number of users through a single vulnerability. So far, Symantec researchers have not discovered any other attack techniques attempting to exploit the Flash vulnerability, Fossi said.

"It is feasible that somebody could write another exploit to take advantage of the vulnerability directly through the Flash Player," he said. "They could set up a website with a malicious Flash stream … that could be another vector of exploitation, but we have not seen that yet."


Updated with comments from Marc Fossi of Symantec.
