Flaws in Adobe Reader and Flash 'exploited in the wild'

Share this article:
Adobe releases patches for critical vulnerabilities in Flash, Shockwave and Photoshop
Adobe releases patches for critical vulnerabilities in Flash, Shockwave and Photoshop

Fresh vulnerabilities, which are being exploited in the wild, have been detected for Adobe's PDF Reader and Flash Player.

According to researchers from FireEye, there is a PDF zero-day which is being exploited in the wild, with the company's researchers having observed successful exploitation on the Adobe PDF Reader versions 9.5.3, 10.1.5, and 11.0.1.

It said: “Upon successful exploitation, it will drop two DLLs. The first DLL shows a fake error message and opens a decoy PDF document, which is usually common in targeted attacks. The second DLL in turn drops the callback component, which talks to a remote domain.

“We have already submitted the sample to the Adobe security team. Before we get confirmation from Adobe and a mitigation plan is available, we suggest that you not open any unknown PDF files.”

Also, research by Kaspersky Lab has identified a zero-day vulnerability in Adobe Flash Player (CVE-2013-0633) that was also being actively exploited in targeted attacks. This impacts Windows, Mac OS X and Linux operating systems, as well as a number of earlier versions of Android.

It said: “The vulnerability was being used in a series of targeted attacks that were designed to trick victims into opening a spear-phishing email with a Microsoft Word document, which contained malicious Flash (SWF) content.  The majority of attacks analysed by Kaspersky Lab were targeted against human rights activists and political dissidents from Africa and the Middle East.”

Adobe released a security update for this issue, saying it was aware of reports of this vulnerability being exploited in the wild.

Share this article:

SC webcasts on demand

This is how to secure data in the cloud

Exclusive video webcast & Q&A sponsored by Vormetric

As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.

View the webcast here to find out more