For the security conscious.


Post by Mureden » Thu Oct 28, 2010 5:13 pm

Part of my RL job is network security and I got this notification today... This issue is the same type that came up last year and allowed a large number of computers to get infected with keyloggers. This in turn caused a good number of WoW accounts to get hacked. The fact that it hits Flash and Reader both and affects Android OS means that even some of us who use Authenticator may not be safe.

From http://threatpost.com/en_us/ctR

On the same day that it plans to release a patch for a critical flaw in Shockwave, Adobe confirmed on Thursday morning that there is a newly discovered bug in Flash that is being actively exploited already in attacks against Reader. The vulnerability affects Flash on all of the relevant platforms, including Android, as well as Reader on Windows and Mac, and won't be patched for nearly two weeks.

The new Flash bug came to light early Thursday when a researcher posted information about the problem, as well as a Trojan that is exploiting it and dropping a pair of malicious files on vulnerable PCs. Researcher Mila Parkour tested the bug and posted a screenshot of the malicious files that a Trojan exploiting the vulnerability drops during its infection routine. Adobe has since confirmed the vulnerability and said that it is aware of the attacks against Reader.

"A critical vulnerability has been identified in Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, Linux and Solaris; Adobe Flash Player 10.1.95.2 and earlier versions for Android; and the authplay.dll component that ships with Adobe Reader 9.4 and earlier 9.x versions for Windows, Macintosh and UNIX, and Adobe Acrobat 9.4 and earlier 9.x versions for Windows and Macintosh. This vulnerability (CVE-2010-3654) could cause a crash and potentially allow an attacker to take control of the affected system," Adobe said.

This flaw is the latest in a string of bugs that have cropped up in Adobe products in the last few months. There have been a number of critical flaws exposed in Flash, Reader and other Adobe software, including one in the company's Shockwave application, which it is patching on Thursday. The Shockwave flaw is remotely exploitable and the details of it have been known publicly for some time.

Adobe security officials said they plan to patch the Flash bug on Nov. 9 and will release a fix for Reader and Acrobat during the week of Nov. 15.
