[UPDATE]
As mentioned at the end of my original post, I expect Adobe to release Flash and Acrobat updates sometime this week. However, Google Chrome users will get this Flash update early. If you use Chrome, Google and Adobe have already included the Flash fix in the latest Chrome release.
In a recent security advisory and blog post, Adobe warned of a new zero day Flash vulnerability that attackers are leveraging in the wild. The new vulnerability affects Adobe Flash Player, Reader X, and Acrobat X running on all platforms. Adobe doesn’t describe the vulnerability in much detail, other than that it lies within the authplay.dll component of their applications. They do, however, describe how attackers are leveraging the flaw in the wild.
Specifically, Adobe warns that attackers are attaching malcious Excel (.xls) documents to targeted emails. The attacker embeds a specially crafted Flash (.swf) file within the Excel document. If you open the malicious Excel attachment, the embedded .swf file executes, and leverages the zero day flaw to install persistant malware on your system (likely a bot client that gives the attacker a stepping stone to install even more malware).
Unfortunately, Adobe has just learned of this flaw from reports of attackers exploiting it in the wild. They haven’t had time to patch it yet. They plan to release Adobe Flash Player and Acrobat X updates that will fix this issue sometime during the week of March 21. However, they do not intend to release a Reader X update till June, since Reader X’s default sandbox setting should prevent this exploit from working.
In the meantimes, I recommend you warn your users about opening Excel documents attached to strange emails. If you like, you could use the proxies on our XTM appliances to block all Excel attachments. However, most organizations need to allow them for business. I will let you know when Adobes updates their products in Security Alerts posted here. – Corey Nachreiner, CISSP
Leave a Reply