Slashdot Mirror


New Adobe Flash 0-Day

Trailrunner7 writes "Adobe is warning its users about a critical vulnerability in Flash that affects Adobe Reader and Acrobat, as well, and is being used in some highly targeted attacks right now. The vulnerability in Flash Player affects Reader and Acrobat, both of which include Flash functionality, but it does not affect Reader X. Adobe officials said that Reader X's Protected Mode sandbox would prevent successful exploits. The company plans to have a patch for the affected products ready by next week for all platforms, including Windows, Mac, Linux, Android and Solaris."

7 of 133 comments

  1. Flash in Acrobat Reader by moosehooey · Score: 4, Insightful

    What the hell for? Fucking Adobe.

    1. Re:Flash in Acrobat Reader by syousef · Score: 4, Funny

      What the hell for? Fucking Adobe.

      How else do you fit so many vulnerabilities in one product so efficiently? In fact they found they had to tap higher dimensions to fit more holes than there was physical space in Adobe products. Kinda like a cross between the Tardis and a permanent help desk role: The void is greater than physically possible.

      --
      These posts express my own personal views, not those of my employer
  2. Shockwave flash file inside an excel spreadsheet? by 140Mandak262Jamuna · Score: 4, Informative

    The attack vector is an Excel spreadsheet, delivered via an attachment, that contains a SWF file that has this vulnerability. Looks like it is not a drive-by download. Not sure if the streamed Flash videos have the vulnerability. It does not affect Win7. Affects XP. If it is leveraging some specific bug in Excel and then a bug in Flash, it is very specific to that combination. XP+Excel+Adobe. The rest of us can rest easy and enjoy a little bit of schadenfreude.

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
  3. who uses Adobe Reader anyways? by Ionized · Score: 4, Informative

    Seriously, get Foxit PDF reader. It's free, and approximately 5 million times faster than Adobe Reader.

  4. When will Adobe get its act together? by WaffleMonster · Score: 3

    I am totally sick and tired of the constant wave of security bugs in these products. How hard can it really be after all these years to render compressed PostScript without all of the underlying nonsense?

  5. 0 day... for Acrobat? by MrEricSir · Score: 5, Funny

    How can it be a 0 day attack when Acrobat takes 2 days to start?

    --
    There's no -1 for "I don't get it."
  6. Re:Mac, Linux, Android and Solaris. by gad_zuki! · Score: 3, Interesting

    Most exploits are written as an attempt to get root/admin or affect system settings. In my testing of Adobe exploits (not this one, but previous ones) I noticed that if I ran as a limited user the exploits don't usually work. If I run as admin with UAC running, the UAC never comes up and the exploit works. UAC + admin is not the same as running as a limited user.

    Yes, you're right about malware running in userspace and that's a real problem with this approach, but running as limited gives some benefits that are not obvious. Arguably, AV and smart computer usage make up for the rest. This Excel file seems to already be in all the major virus definitions.