Adobe warns of critical multi-platform security flaw

07 June 2010

Adobe has released a major warning over a critical vulnerability in its Flash Player and earlier editions for Windows, Apple Mac, Linux and Solaris platforms.

Adobe Flash 10.1, which is available on some platforms, looks to be unaffected by the problem. On affected versions, the vulnerability (CVE-2010-1297) could cause a crash and potentially allow an attacker to take control of the affected system.

Adobe has tacitly admitted that the vulnerability is being actively exploited in the wild against both Adobe Flash Player and some versions of Adobe Reader and Acrobat.

Adobe is developing a patch for the issue, although some industry experts are suggesting that users step back to Adobe Reader/Acrobat v8.x and/or upgrade to the Flash Player 10.1 release candidate.

According to Graham Cluley, a senior technology consultant with Sophos, although Adobe has published a way to mitigate the problem for Adobe Reader and Acrobat 9.x for Windows, the workaround is clearly not ideal, since it involves deleting, renaming or removing access to the autoplay file.

Unfortunately, as Adobe says on its website: "users will experience a non-exploitable crash or error message when opening a PDF file that contains SWF content". Cluley says this is not a major issue.

"Once again, it sounds as if feature-itis (the technical term for a product suffering from excessive inflation of unnecessary features) could have partly been Adobe's undoing in this example. A simple PDF reader without so many bells and whistles might not have suffered from such exploitation", he said in a weekend security blog posting.

This article is featured in:
Application Security  •  Internet and Network Security

