• TREND MICRO
  • ABOUT
Search:
  • Latest Posts
  • Categories
    • Android
    • AWS
    • Azure
    • Cloud
    • Compliance
    • Critical Infrastructure
    • Cybercrime
    • Encryption
    • Financial Services
    • Government
    • Hacks
    • Healthcare
    • Internet of Everything
    • Malware
    • Microsoft
    • Mobile Security
    • Network
    • Privacy
    • Ransomware
    • Security
    • Social Media
    • Small Business
    • Targeted Attacks
    • Trend Spotlight
    • Virtualization
    • Vulnerabilities
    • Web Security
    • Zero Day Initiative
    • Industry News
  • Our Experts
    • Ed Cabrera
    • Rik Ferguson
    • Greg Young
    • Mark Nunnikhoven
    • Jon Clay
    • William “Bill” Malik
  • Research
Home   »   Cloud   »   New Adobe Flash Critical Vulnerability Exploited in the Wild.

New Adobe Flash Critical Vulnerability Exploited in the Wild.

  • Posted on:September 15, 2010
  • Posted in:Cloud
  • Posted by:
    Dave Asprey
0

Adobe has issued a security advisory APSA 10-03 describing a new critical vulnerability in its products. This time, the primary target is Flash Player with multiple platforms—Windows, Mac, Linux, Solaris, and Android—all affected and is currently being exploited in the wild. Current versions of Acrobat and Reader—the target of last week’s vulnerability—are also affected by the said exploit although Adobe states that in-the-wild attacks against these have not yet been seen.

Trend Micro detects malicious ShockWave Flash (.SWF) files exploiting this vulnerability as TROJ_SWIF.HEL. This functions as a malware downloader from other sites. It connects to certain URLs, which lead to files detected as BKDR_POISON.AKD that, in turn, connect to a remote box somewhere in Korea. BKDR_POISON variants typically opens a hidden Internet Explorer browser to connect using certain ports.

Interestingly, TROJ_SWIF.HEL also displays an image of a waterfall via a second embedded .SWF file, which is possibly used to trick users into thinking that they’ve opened a normal .PDF file.

Adobe has also stated when solutions for this vulnerability as well as last week’s will be released. Flash Player will receive an update on the week of September 27. Acrobat and Reader will receive fixes on the week of October 4.

Until the patches are released, Trend Micro offers protection for this flaw for enterprise users of Deep Security and OfficeScan with Intrusion Defense Firewall (IDF) plug-in, which has rule–1004403 (Adobe Flash Player Remote Code Execution) to block attacks against this new vulnerability.

Read more: http://blog.trendmicro.com/new-adobe-flash-critical-vulnerability-exploited-in-the-wild/#ixzz0zcaxITkK

Related posts:

  1. The fix is in for Adobe’s newest Flash flaw
  2. Adobe confirms Flash vulnerability in Windows 8
  3. UPDATE: Why Trend Micro’s Cloud Security Protection is relevant to the new Adobe Flash Player Security Vulnerability
  4. How to Update Adobe Flash Player on a Mac

Security Intelligence Blog

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits

Featured Authors

Ed Cabrera (Chief Cybersecurity Officer)
Ed Cabrera (Chief Cybersecurity Officer)
  • Ransomware is Still a Blight on Business
Greg Young (Vice President for Cybersecurity)
Greg Young (Vice President for Cybersecurity)
  • Not Just Good Security Products, But a Good Partner
Jon Clay (Global Threat Communications)
Jon Clay (Global Threat Communications)
  • This Week in Security News: Ransomware Gang is Raking in Tens of Millions of Dollars and Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
Mark Nunnikhoven (Vice President, Cloud Research)
Mark Nunnikhoven (Vice President, Cloud Research)
  • Twitter Hacked in Bitcoin Scam
Rik Ferguson (VP, Security Research)
Rik Ferguson (VP, Security Research)
  • The Sky Has Already Fallen (you just haven’t seen the alert yet)
William
William "Bill" Malik (CISA VP Infrastructure Strategies)
  • Black Hat Trip Report – Trend Micro

Follow Us

Trend Micro In The News

  • New Report: Top Three Ways to Drive Boardroom Engagement around Cybersecurity Strategy
  • Advanced Cloud-Native Container Security Added to Trend Micro's Cloud One Services Platform
  • Trend Micro Goes Global to Find Entrepreneurs Set to Unlock the Smart Connected World
  • Winners of Trend Micro Global Capture the Flag Demonstrate Excellence in Cybersecurity
  • Companies Leveraging AWS Well-Architected Reviews Now Benefit from Security Innovations from Trend Micro
  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © 2017 Trend Micro Incorporated. All rights reserved.