This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

Flaws in Adobe Reader and Flash 'exploited in the wild'

Share this article:
Adobe releases patches for critical vulnerabilities in Flash, Shockwave and Photoshop
Adobe releases patches for critical vulnerabilities in Flash, Shockwave and Photoshop

Fresh vulnerabilities, which are being exploited in the wild, have been detected for Adobe's PDF Reader and Flash Player.

According to researchers from FireEye, there is a PDF zero-day which is being exploited in the wild, with the company's researchers having observed successful exploitation on the Adobe PDF Reader versions 9.5.3, 10.1.5, and 11.0.1.

It said: “Upon successful exploitation, it will drop two DLLs. The first DLL shows a fake error message and opens a decoy PDF document, which is usually common in targeted attacks. The second DLL in turn drops the callback component, which talks to a remote domain.

“We have already submitted the sample to the Adobe security team. Before we get confirmation from Adobe and a mitigation plan is available, we suggest that you not open any unknown PDF files.”

Also, research by Kaspersky Lab has identified a zero-day vulnerability in Adobe Flash Player (CVE-2013-0633) that was also being actively exploited in targeted attacks. This impacts Windows, Mac OS X and Linux operating systems, as well as a number of earlier versions of Android.

It said: “The vulnerability was being used in a series of targeted attacks that were designed to trick victims into opening a spear-phishing email with a Microsoft Word document, which contained malicious Flash (SWF) content.  The majority of attacks analysed by Kaspersky Lab were targeted against human rights activists and political dissidents from Africa and the Middle East.”

Adobe released a security update for this issue, saying it was aware of reports of this vulnerability being exploited in the wild.

Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in News

Card and banking fraud back on the rise again

Card and banking fraud back on the rise ...

Banking and card fraud back on the rise again says the FFA UK as crime increasingly moves online.

Apple unveils iOS 8.0 - security from the ground upwards

Apple unveils iOS 8.0 - security from the ...

iOS 8.0 - 1.1GB large, but with Apple providing lots of security patches and upgrades...

eBay downplays significance of `old school' XSS attack on its auction portal

eBay downplays significance of `old school' XSS attack ...

eBay vulnerable to XSS attack enabling re-direction of users says BBC.