WyseLabs Internet Marketing Forum :: Start Sharing

A Dedicated Room for Testing, Experimenting, Listing & Discussing Internet Marketing Innovation

This forum consists of only people that work for TechWyse and contribute to the WyseLabs community. We invite all of you to read many of the helpful things that we find in our daily lives! That is why we have built this section after all!
Register Now

Adobe warns of new Flash Player zero-day attack

There are always new and exciting sites online. Think you found one that is helpful? Share it with the group!

Moderator: Moderators

Post a reply

Adobe warns of new Flash Player zero-day attack

Postby sathish.k » Mon Apr 11, 2011 11:49 pm

Hackers are embedding malicious Flash Player files in Microsoft Word documents to launch targeted attacks against select businesses, according to a warning from Adobe.


A critical vulnerability exists in Flash Player 10.2.153.1 and earlier versions (Adobe Flash Player 10.2.154.25 and earlier for Chrome users) for Windows, Macintosh, Linux and Solaris, Adobe Flash Player 10.2.156.12 and earlier versions for Android, and the Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems.

This vulnerability (CVE-2011-0611) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being exploited in the wild in targeted attacks via a Flash (.swf) file embedded in a Microsoft Word (.doc) file delivered as an email attachment, targeting the Windows platform. At this time, Adobe is not aware of any attacks via PDF targeting Adobe Reader and Acrobat. Adobe Reader X Protected Mode mitigations would prevent an exploit of this kind from executing.

We are in the process of finalizing a schedule for delivering updates for Flash Player 10.2.x and earlier versions for Windows, Macintosh, Linux, Solaris and Android, Adobe Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh, Adobe Reader X (10.0.2) for Macintosh, and Adobe Reader 9.4.3 and earlier 9.x versions for Windows and Macintosh. Because Adobe Reader X Protected Mode would prevent an exploit of this kind from executing, we are currently planning to address this issue in Adobe Reader X for Windows with the next quarterly security update for Adobe Reader, currently scheduled for June 14, 2011.
Thanks & Regards,
Sathish
sathish.k
 
Posts: 111
Joined: Fri Aug 08, 2008 1:18 am
Top

Adobe Patches Flash Zero-Day

Postby sathish.k » Thu Apr 21, 2011 4:50 am


Adobe recommends all users of Adobe Flash Player 10.2.153.1 and earlier versions for Windows, Macintosh, Linux, and Solaris upgrade to the newest version 10.2.159.1 by downloading it from the Adobe Flash Player Download Center. Windows users can install the update via the auto-update mechanism within the product when prompted.

Google Chrome users can update to Chrome version 10.0.648.205 or later.

Adobe recommends users of Adobe AIR 2.6.19120 and earlier versions for Windows, Macintosh and Linux update to Adobe AIR 2.6.19140.

Adobe expects to make available an update for Adobe Flash Player 10.2.156.12 and earlier versions for Android no later than the week of April 25, 2011.
Thanks & Regards,
Sathish
sathish.k
 
Posts: 111
Joined: Fri Aug 08, 2008 1:18 am
Top
Post a reply

Return to Online Ideas, Innovation & Cool Sites

Who is online

Users browsing this forum: No registered users and 8 guests

Powered by phpBB® Forum Software © phpBB Group