Adobe confirms vulnerabilities in Acrobat, Reader, and Flash
by Steve Ragan - Oct 28 2010, 16:05

Adobe has confirmed the existence of a vulnerability in Flash Player, Acrobat, and Reader, which if exploited will allow the attacker to successfully compromise a system. While there are no active attacks on Flash Player currently, Adobe Reader is being actively targeted. Adobe said that patches for these flaws will be delivered in November.
According to Mila Parkour, who runs the Contagio Malware Dump, the malicious PDF file appears as an email attachment. If executed, it delivers the payload silently in the background. She posted a screenshot to her blog, which shows two files being dropped to the system: nsunday.exe and nsunday.dll. The dropped files are Trojans, and are suspected to be part of the Wisp family of malware.
Adobe was alerted, and issued a security advisory reporting that authplay.dll can be exploited in Adobe Acrobat and Reader 9 for Windows, Macintosh, and UNIX, confirming what was observed by Parkour. In addition, Flash Player 10.1 for Android, Windows, Linux, UNIX, and Macintosh is vulnerable as well.
Adobe said that the vulnerability “could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against Adobe Reader and Acrobat 9.x. Adobe is not currently aware of attacks targeting Adobe Flash Player.”
A patch for the vulnerability in Flash Player is planned for November 9, while Adobe Acrobat and Reader will see a fix on November 15.
Currently, BitDefender, F-Secure, Kaspersky, McAfee, Microsoft (Security Essentials), ESET, Panda, and Sunbelt Software have signatures and detections for the malware being delivered by the rogue PDF file. Others are sure to follow.
The problem with Zero-Day attacks is that the advice to keep third-party software updated as a method of protection goes right out the window. Still, you should always stay on top of updates. It just goes to show that nothing is perfect.
The best bet to avoid this latest attack using PDF files is to remember that you should never open random email attachments, especially if they are from unknown or untrusted sources.
Should the attack spread to Flash Player, the criminals will still need to direct you to a malicious website. Often they do this by offering links in email or HTML attachments that will open the browser to the page directly.
Again, avoiding random attachments, and avoiding links in email messages will help protect you from these types of threats. It’s a practical exercise in constant vigilance.
Adobe’s announcement is here.
