Security flaw in Adobe Flash exploited by Trojan malware
Thursday, July 23, 2009
Security researchers at Symantec have identified a critical vulnerability in Adobe Flash that allows an attacker to infect PCs with Trojan malware upon opening a malicious Adobe Acrobat PDF file. Adobe acknowledged the flaw and said it is working on releasing a fix by July 30.
The Flash vulnerability affects current versions of Flash Player for Windows, Mac and Linux operating systems and the authplay.dll component that ships with Adobe Reader and Acrobat v9.x for Windows, Macintosh and UNIX, Adobe's security response team said on its blog.
Deleting, renaming or removing access to the authplay.dll file that ships with Adobe Reader and Acrobat v9.x mitigates the threat for those products, but users will experience a crash or error message when opening a PDF that contains SWF content, Adobe said.
Symantec warned Wednesday that the Flash bug is serious because of the widespread use of Flash across operating systems and products.
Whereas most vulnerabilities only affect one web browser or software product, Flash exists in all popular browsers and is also available in PDF documents.
"[T]herefore, the threat posed by this issue is not to be taken lightly," Symantec warned on its blog.
Related News:
Security firms join working group to fight web threats - 8.19.2009
Several prominent web security companies are joining together to share information and resources to fight the growing threat of malware on the web. Assembled under the IEEE Standards Association, the working group is called the Industry Connections Security Group (ICSG).
Botnet controllers using Twitter, pastebins like SaaS - 8.18.2009
Cybercriminals who control networks of compromised PCs, called botnets, have hit upon new ways to update Trojan malware through Twitter and other online services, which act as a kind of software-as-a-service (or SaaS) for cybercrime.
Internet Explorer 8 aces web browser security test - 8.14.2009
Microsoft's Internet Explorer 8 (IE8) web browser outperformed Safari 4, Firefox 3, Chrome 2 and Opera 10 Beta in a Microsoft-sponsored security test by NSS labs.
Koobface worm grows more sophisticated in web 2.0 attacks - 8.11.2009
Web security researchers are warning that the notorious Koobface worm that spreads on social networks like Facebook and Twitter has grown more sophisticated in order to evade detection and trick more savvy users into downloading malware.
Adobe Flash flaw exploited by malware in Microsoft Excel files - 8.6.2009
Security flaws that exist in Adobe Flash are being actively exploited by cybercriminals via maliciously crafted Microsoft Excel files, according to web security researchers at security firm Sophos.
|
