Adobe confirms Flash zero-day bug in PDF docs
Hackers exploiting flaw already in the wild, says iDefense
Computerworld - Adobe is investigating a critical vulnerability in its Flash format that is currently being exploited by hackers using malicious PDF documents, according to the company's security team and outside researchers.
Adobe said little in a short entry to its security blog late Tuesday. "Adobe is aware of reports of a potential vulnerability in Adobe Reader and Acrobat 9.1.2 and Adobe Flash Player 9 and 10," said Brad Arkin, the company's director for product security and privacy. "We are currently investigating this potential issue."
Reader and Acrobat 9.1.2 are the most current versions of those applications.
An Adobe spokesman early Wednesday confirmed that the vulnerability was an issue within Flash content that is inserted into a PDF (Portable Document Format) file. Users can drop Flash movies into PDF files, for instance.
VeriSign's iDefense said it spotted an in-the-wild attack exploiting the Flash zero-day, according to a message posted to Twitter yesterday. "iDefense recently investigated a targeted attack using [an] embedded zero-day Flash exploit inside a PDF file," the security intelligence company said.
Adobe has had its share of security problems this year, particularly with Reader, the popular PDF viewer. In mid-March, for example, it plugged several holes in Reader, including one that had been exploited by hackers since early January. Then in both May and June it followed that with further fixes to quash another Reader zero-day and patch another 13 bugs in the viewer.
Security was also at issue this week when Danish bug tracker Secunia noticed that Adobe continues to provide an outdated edition of Reader for download. Yesterday, Adobe reacted to Secunia's report by saying it was reevaluating how its software updater operated.
iDefense did not immediately respond to a request for more information on its findings, while Adobe's spokesman said details of the Flash-PDF vulnerability would be posted on the company's security blog when they are available.
- Why security professionals need to get more creative with penetration testing (and how to do it)
- Michaels breach exposes nearly 3M payment cards
- This Netcraft tool flags sites affected by Heartbleed
- LaCie compromised for over a year
- Android trojan app targets Facebook users
- Windows XP retirement creates opportunity for Chinese security firm
- Teen nabbed in Heartbleed attack against Canadian tax site
- How a cyber cop patrols the underworld of e-commerce
- A simple cure for the cybersecurity skills shortage
- 3 ways to reduce BYOD legal liability with the right conversation
Read more about Security in Computerworld's Security Topic Center.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts