Adobe has its hands full with another Flash zero-day vulnerability, this one being actively exploited to target users under the guise of a legitimate Microsoft Word document, the company revealed on Monday.
The flaw is in Flash Player 10.2.153.1 and earlier versions for Windows, Macintosh, Linux and Solaris, 10.2.154.25 for Chrome and 10.2.156.12 for Android. It is also in the authplay.dll component that ships with Reader and Acrobat X and earlier versions for Windows and Mac, though Adobe is not aware of any attacks being leveraged via PDF files.
Successful exploitation of the vulnerability could allow an attacker to take complete control of an affected system, according to a bulletin. Miscreants currently are embedding malicious Flash files inside Word documents to distribute the attack.
Nearly all of the popular anti-virus solutions on the market failed to detect the threat, according to reports, though rates should increase now that the issue is public.
Adobe has not determined when a fix for Flash will be available, but if history is any indication, users should not have to wait long.
On March 14, the company revealed another zero-day Flash bug, which was fixed a week later. That vulnerability, exploited through Microsoft Excel files, was used by hackers to gain access to security firm RSA's network to steal information related to its SecurID products.
Meanwhile, the company plans to shore up its Reader and Acrobat products against the latest flaw in the next quarterly release, due June 14. Until then, users are encouraged to upgrade to the most recent versions of Reader and Acrobat because the "Protected Mode" capability prevents an exploit like this from executing.
This article originally appeared at scmagazineus.com