Adobe acknowledges serious Flash zero-day vulnerability

By Robert Westervelt, News Editor 22 Jul 2009 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Adobe Systems Inc. is investigating reports of a new zero-day vulnerability affecting a Flash component that is being targeted by attackers in the wild.

SearchSecurity.com: To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

In a brief announcement on its Adobe Product Security Incident Response Team blog, Brad Arkin, the company's director for product security and privacy said the potential Flash error affects Adobe Reader and Acrobat 9.1.2 and Adobe Flash Player 9 and 10.

"We are currently investigating this potential issue and will have an update once we get more information," Arkin wrote.

Symantec Corp. said its Security Response researchers recently came into possession of an Adobe Acrobat PDF file that is exploiting an Adobe Flash vulnerability and then drops and executes a Trojan onto a user's system.

"The authors have taken a bug and turned it into an exploit. Once the unsuspecting user visits the website or opens the PDF, this exploit will allow further malware to be dropped on the victim's machine and possibly open a back door," wrote Symantec security researcher Patrick Fitzgerald, on the Symantec security blog.

Fitzgerald said the Flash vulnerability is serious since it could affect multiple products and platforms. Any software that uses Flash is potentially vulnerable. The PDF exploiting the vulnerability includes multiple Flash streams (FWS). Fitzgerald said the Flash component vulnerability is also exploitable on Windows Vista, but the dropped executables do not run if UAC is enabled.

The attacks began surfacing about two days ago, according to Symantec. The Trojan is embedded in a malicious PDF file. Once the Trojan is installed on a victim's machine, it attempts to contact a website to download more malware, said Marc Fossi, manager of research and development for Symantec Security Response.

Flash has a wide install base and is generally targeted in browser-based exploits to install malicious code on a victim's computer. Applications that have wide install bases are popular targets of attackers, because they can exploit the widest number of users through a single vulnerability. So far, Symantec researchers have not discovered any other attack techniques attempting to exploit the Flash vulnerability, Fossi said.

"It is feasible that somebody could write another exploit to take advantage of the vulnerability directly through the flash player," he said. "They could set up a website with a malicious Flash stream … that could be another vector of exploitation, but we have not seen that yet."

Tags: Securing Productivity Applications,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Securing Productivity Applications Quiz: How to build secure applications How to detect software tampering Adobe fixes 29 flaws in Acrobat, Reader Adobe warns of critical update for Reader, Acrobat 9.1.3 Why should we place data files on a separate partition than the OS? Adobe updates ColdFusion, JRun, Flex Serious Adobe Flash flaw being exploited Adobe issues security advisory for Flash zero-day flaw When to use the service features of the Metasploit hacking tool How to manage patches for Adobe

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary sheepdip  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary