Secplicity - Security Simplified

Powered by WatchGuard Technologies

Companies targeted by zero day Adobe Flash vulnerability

March 16, 2011 By Corey Nachreiner

[UPDATE]
As mentioned at the end of my original post, I expect Adobe to release Flash and Acrobat updates sometime this week. However, Google Chrome users will get this Flash update early. If you use Chrome, Google and Adobe have already included the Flash fix in the latest Chrome release.

In a recent security advisory and blog post, Adobe warned of a new zero day Flash vulnerability that attackers are leveraging in the wild. The new vulnerability affects Adobe Flash Player, Reader X, and Acrobat X running on all platforms. Adobe doesn’t describe the vulnerability in much detail, other than that it lies within the authplay.dll component of their applications. They do, however, describe how attackers are leveraging the flaw in the wild.

Specifically, Adobe warns that attackers are attaching malicious Excel (.xls) documents to targeted emails. The attacker embeds a specially crafted Flash (.swf) file within the Excel document. If you open the malicious Excel attachment, the embedded .swf file executes and leverages the zero day flaw to install persistent malware on your system (likely a bot client that gives the attacker a stepping stone to install even more malware).

Unfortunately, Adobe has just learned of this flaw from reports of attackers exploiting it in the wild. They haven’t had time to patch it yet. They plan to release Adobe Flash Player and Acrobat X updates that will fix this issue sometime during the week of March 21. However, they do not intend to release a Reader X update till June, since Reader X’s default sandbox setting should prevent this exploit from working.

In the meantime, I recommend you warn your users about opening Excel documents attached to strange emails. If you like, you could use the proxies on our XTM appliances to block all Excel attachments. However, most organizations need to allow them for business. I will let you know when Adobe updates their products in Security Alerts posted here. – Corey Nachreiner, CISSP
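A narrower check than blocking every Excel attachment is to flag only those that carry an embedded Flash object. The following is an added example, not code from Adobe, WatchGuard or the original post; the function names are hypothetical and the sample bytes are constructed placeholders. It is a raw-byte heuristic, so an SWF stored compressed, encoded or split across non-contiguous OLE sectors would be missed.

```python
import struct
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # OLE2 compound file header (.xls)
MAX_SWF_VERSION = 50  # assumption: generous upper bound on the SWF version byte

def find_swf_headers(data):
    """Return sorted offsets of plausible SWF headers inside data."""
    hits = []
    for sig in (b"FWS", b"CWS"):  # uncompressed / zlib-compressed SWF
        pos = data.find(sig)
        while pos != -1:
            header = data[pos:pos + 10]
            if len(header) == 10:
                version, length = header[3], struct.unpack_from("<I", header, 4)[0]
                # FWS: declared size must fit; CWS: zlib stream follows header
                fits = (length <= len(data) - pos if sig == b"FWS"
                        else header[8] == 0x78)
                if 1 <= version <= MAX_SWF_VERSION and length > 8 and fits:
                    hits.append(pos)
            pos = data.find(sig, pos + 1)
    return sorted(hits)

def flag_excel_with_flash(raw_email):
    """Return (filename, offsets) for each Excel attachment carrying an SWF."""
    flagged = []
    for part in message_from_bytes(raw_email, policy=policy.default).walk():
        if part.is_multipart():
            continue
        name = part.get_filename() or ""
        body = part.get_payload(decode=True) or b""
        if name.lower().endswith(".xls") or body.startswith(OLE_MAGIC):
            offsets = find_swf_headers(body)
            if offsets:
                flagged.append((name, offsets))
    return flagged

def build_sample_email(attachment):
    """Constructed test message: a text body plus one report.xls attachment."""
    msg = EmailMessage()
    msg.set_content("See attached.")
    msg.add_attachment(attachment, maintype="application",
                       subtype="vnd.ms-excel", filename="report.xls")
    return msg.as_bytes()

# Constructed placeholders (not real documents): OLE magic, padding, then bytes.
WITH_SWF = OLE_MAGIC + b"\x00" * 512 + b"FWS\x0a" + struct.pack("<I", 32) + b"\x00" * 24
NO_SWF = OLE_MAGIC + b"\x00" * 512 + b"FWS quarterly numbers"
```

The second placeholder contains the letters "FWS" as ordinary cell text; the length check rejects it, which is why the scan validates the header fields instead of matching the three-byte signature alone.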
