Slashdot Mirror


Adobe Warns of Flash, PDF Zero-Day Attacks

InfosecWarrior writes "Adobe issued an alert late Friday night to warn about zero-day attacks against an unpatched vulnerability in its Reader and Flash Player software products. The vulnerability, described as critical, affects Adobe Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux, and Solaris operating systems. It also affects the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Macintosh, and Unix operating systems."

4 of 216 comments

  1. Re:Flash for the iPhone WHEN??? by Conley Index · Score: 3, Informative

    Why do you think, "we FreeBSD-ers aren't getting Flash"?

    I do have (the Linux version of) Flash 10 installed on my FreeBSD 8 amd64 systems and am running it in a native FreeBSD amd64 Firefox. (Of course, it is usually blocked by noscript and flashblock.) A few years ago that might have been difficult to get running, but now it is just ports.

    Whether we really want Flash is another story...

  2. Re:Zero-day? by Alwin Henseler · Score: 5, Informative

    Buzzword or not, "zero day" means a vulnerability that is already being exploited by the time it's published. If a vulnerability is published but no exploit exists -> no zero day.

    Regardless of what you think of reasons for using that "zero day" label, this is very relevant to end-users: zero day -> you're at risk, NOW. No zero day -> you're probably safe (for the time being, that is).

  3. Re:Flash for the iPhone WHEN??? by WrongSizeGlass · Score: 4, Informative

    "Of course, it is usually blocked by noscript and flashblock."

    This appears to be a SWF file being run by Adobe Reader or Acrobat. Browser-based plugins aren't going to help when it's opened by a desktop application.

  4. Re:Zero-day? by Leebert · Score: 3, Informative

    Not entirely correct: historically, it meant an exploit that was discovered by the vendor by the fact that it was being exploited. Meaning, they had zero days to develop a patch.

    So if, for example, someone reported this to Adobe previously, and Adobe hadn't fixed it yet, then it isn't a zero day exploit. If Adobe only found out about the vulnerability because people were exploiting it, it was a zero day vulnerability.

    Which might be what you were saying, but it didn't come out unambiguously that way. :)