Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    May 2013
    S M T W T F S
    « Apr    
     1234
    567891011
    12131415161718
    19202122232425
    262728293031  
    • About Us
    Trendlabs Security Intelligence > Flash and Acrobat/Reader Hit by New Zero-Day Exploit

    Zero-Day Vulnerability

    This week is turning out to be a busy one for zero-day exploits. Days after such a bug was found in Firefox, it’s Adobe’s turn to have its products under the gun.

    According to the official Adobe security advisory, both the Flash and Acrobat/Reader product lines have been confirmed vulnerable to this latest problem. All current Flash versions are affected, regardless of platform. The same is mostly true for Acrobat and Reader—all released 9.x versions of Acrobat and Reader are affected though older 8.x versions are not. Neither is the Android version of Reader affected. Adobe states that attacks against Acrobat and Reader are in the wild but that no exploits have been found (so far) hitting Flash.

    If exploited, the vulnerability causes a system to crash and potentially allows random code execution. More details on this particular flaw have not yet been released but it appears to be very similar to the June zero-day vulnerability. As in the June attack, the vulnerable component lies in Flash. Acrobat and Reader were just both affected because they include what is, in effect, an embedded Flash Player in the file authplay.dll.

    For Acrobat and Reader, Adobe’s official advise is to remove the vulnerable component. Instructions to do so may be found at the Adobe page linked to earlier. Mitigation for Flash is only possible with Firefox, as certain extensions such as Flashblock and NoScript allow users to selectively load Flash files, protecting themselves from this flaw.

    Official fixes are due by November 9 for Flash and by November 15 for Acrobat and Reader.

    Update as of October 29, 2010 7:21 PM UTC

    Trend Micro offers protection for this flaw for enterprise users of Deep Security and OfficeScan via the Intrusion Defense Firewall (IDF) plug-in if their systems are updated with the IDF rule number 1004113.

    Update as of November 1, 2010 12:48 PM UTC

    Trend Micro detects the zero-day exploit as TROJ_PIDIEF.SMQA.

    TROJ_PIDIEF.SMQA drops a file which is detected as TROJ_WISP.SMA, which in turn connects to certain URLs to download more malicious files. The said URLs however are inaccessible as of this writing.





    Share this article
    		 Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   del.icio.us   StumbleUpon



    This entry was posted on Thursday, October 28th, 2010 at 9:08 pm and is filed under Exploits, Vulnerabilities . Both comments and pings are currently closed.



    • Intercontinental

      Firefox team fixed the problem within 24 hrs, when Adobe quietly sits down and declares fix for November 15th, more than 2 weeks from now.
      I wonder if CEO Steve Jobs was not right when he mentioned Adobe as being lazy. Getting fed up with their crappy authplay.dll. I've already abandoned their Reader, but Flash is more problematic.
      Gosh, what a company …



     

    Other Trend Micro blogs
    CTO Insights
    CounterMeasures Blog
    Cloud Security Blog
    Consumerization Blog
    Fearless Web
    Internet Safety for Kids & Families
    Simply Security News
    Trend Micro Blog [German]
    TrendLabs Security Blog [Japan]
    Cloud Security APAC
    Trend Micro Free Tools Threat Encyclopedia Trend Micro Videos
    Do you have a product-related question? Visit our eSupport website.

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice