According to Adobe, this vulnerability is exploited through Flash file (*.swf) embedded inside a Microsoft Word file (*.doc) delivered as an email attachment mainly targeting Windows users. However, the method of attack may change. This vulnerability can cause serious issues like system crash and can allow an attacker to take control of the affected system and use as zombie machine for malicious activities without the user’s knowledge. At this point, Adobe has no information about this sort of attack targeting other products such as Adobe PDF Reader and Acrobat. Though, according to US Computer Emergency Readiness Team, the vulnerability is found on Adobe PDF Reader and Acrobat as well.
Adobe is still in the process of delivering a software update to mitigate the issue with Flash Player for Windows, Linux, Solaris, Chrome, Android and Mac operating systems. As of now, users have to be cautious when opening email attachments (from anyone, be it friends or someone you’ve no idea about. You may “Win” millions of $ through some lottery or some “generous” souls out there want to give away millions, PLEASE DO NOT CLICK on such phishing emails. Read more about phishing here) to mitigate the issue as anti-virus programs are not yet able to detect the vulnerability.
Read security tips on email attachments here from US Computer Emergency Readiness Team (CERT).
Wednesday, 13 April 2011 10:33
Attackers take control of your system by exploiting latest Adobe Flash player vulnerabilityWritten by aneesh kuniyil
Adobe has released a Critical security alert on a serious vulnerability exploitation via emails on Adobe Flash Player version 10.2.153.1 and earlier versions for Windows, Mac, Linux and Solaris operating systems, version 10.2.154.25 and earlier for Chrome users and 10.2.156.12 and earlier for Android users. According to Adobe, a critical security alert means “A vulnerability, which, if exploited would allow malicious native-code to execute, potentially without a user being aware.” Click here for information on various alert ratings from Adobe.
Published in Security Tips