This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

Flaws in Adobe Reader and Flash 'exploited in the wild'

Share this article:
Adobe releases patches for critical vulnerabilities in Flash, Shockwave and Photoshop
Adobe releases patches for critical vulnerabilities in Flash, Shockwave and Photoshop

Fresh vulnerabilities, which are being exploited in the wild, have been detected for Adobe's PDF Reader and Flash Player.

According to researchers from FireEye, there is a PDF zero-day which is being exploited in the wild, with the company's researchers having observed successful exploitation on the Adobe PDF Reader versions 9.5.3, 10.1.5, and 11.0.1.

It said: “Upon successful exploitation, it will drop two DLLs. The first DLL shows a fake error message and opens a decoy PDF document, which is usually common in targeted attacks. The second DLL in turn drops the callback component, which talks to a remote domain.

“We have already submitted the sample to the Adobe security team. Before we get confirmation from Adobe and a mitigation plan is available, we suggest that you not open any unknown PDF files.”

Also, research by Kaspersky Lab has identified a zero-day vulnerability in Adobe Flash Player (CVE-2013-0633) that was also being actively exploited in targeted attacks. This impacts Windows, Mac OS X and Linux operating systems, as well as a number of earlier versions of Android.

It said: “The vulnerability was being used in a series of targeted attacks that were designed to trick victims into opening a spear-phishing email with a Microsoft Word document, which contained malicious Flash (SWF) content.  The majority of attacks analysed by Kaspersky Lab were targeted against human rights activists and political dissidents from Africa and the Middle East.”

Adobe released a security update for this issue, saying it was aware of reports of this vulnerability being exploited in the wild.

Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in News

Hundreds of companies face 2,000 cyber-attacks in EU exercise

Hundreds of companies face 2,000 cyber-attacks in EU ...

The European Network and Information Security Agency (ENISA) conducted a 24-hour cyber-exercise in which more than 200 organisations from 25 EU member states faced virtual cyber-attacks from white hat hackers ...

Cyber security still a learning curve for most companies

Cyber security still a learning curve for most ...

Poor network visibility, outdated security tools, a skills shortage and a lack of control in the cloud are just some of the reasons companies are struggling with cyber-security, say two ...

WorldPay hacker sentenced to 11 years for role in £6 million scheme

WorldPay hacker sentenced to 11 years for role ...

An Estonian man, who helped hack payment processor RBS WorldPay in 2008, has now been sentenced to 11 years in prison for his involvement in the £5.9 (US$ 9.4 million) ...