• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

New Flash Player advisory

Adobe has been in trouble many times before with security holes in there applications, including flash, shock wave and reader. Good thing is that HTML5 is quickly becoming the standard and flash with eventually die. Patches are suppose to be out next month also.

Adobe (NSDQ:ADBE) released a security advisory late Monday warning users of a critical Flash Player vulnerability that is actively being used in zero-day attacks by malicious hackers.

The critical vulnerability occurs in Adobe Flash Player 10.1.82.76 as well as earlier versions for Windows, Mac, Linux, Solaris and Android. The bug also affects Adobe Reader 9.3.4 for Windows, Mac and UNIX, as well as Adobe Acrobat 9.3.4 and earlier versions for Windows and Mac.

Specifically, the glitch enables hackers to execute a malicious attack that could crash users' computers and take control of the affected system to access accounts and steal financial and personally identifying information.

Attackers could trick users into downloading malicious code with an infected PDF or media file, usually through some kind of social engineering ploy.

Initial reports indicate that remote code execution attacks are actively exploiting the critical flaw in Flash Player for Windows, although no attacks have yet been detected against Reader or Acrobat.

"Keep an eye out for this one folks. It will take a bit for the anti-virus, IDS/IPS and other vendors to catch up and detect the malware that exploit the vulnerability. Although by that point the box affected may well be compromised as most detect after the exploit has already taken place," said Adrien de Beaupre, SANS Institute researcher, in a blog post Monday.

Thus far, there is no patch fixing the issue, however Adobe said in its advisory that they were "finalizing a fix" for Flash Player, which is slated to be released the week of Sept. 27 and one for Reader and Acrobat, scheduled to be released the week of Oct. 4.

Security experts recommend that users look into workaround options to immediately reduce the risk of attack, in light of the fact that an exploit is already out in the wild and assaulting vulnerable systems.

"Since the vendor has released the advisory after being notified that exploits are already occurring against Windows boxes, it is recommended to explore a workaround for mitigation, detection of already compromised hosts and cleanup," Beaupre said.
Click to expand...
 
Adobe is a perfect example of the saying, too many cooks spoil the soup.
Adobe has so many things going on inside the company with so many departments and programmers that it is chaotic.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top