News

Adobe Confirms Zero-Day Hole Exploited by Hackers

Adobe has released a security advisory on a "critical" vulnerability in its Flash Player that could cause a system crash and allow for remote access by an attacker. Along with disclosing the vulnerability, Adobe has confirmed that the hole has already been taken advantage of by hackers.

"Reports that we've received thus far indicate the attack is targeted at a very small number of organizations and limited in scope," wrote Brad Arkin, senior director of product security and privacy at Adobe, in a blog posting. "The current attack leverages a malicious Flash (.SWF) file inside a Microsoft Excel (.XLS) file." He then wrote that the malicious files are being sent through e-mail and installed when opened.

Adobe disclosed that it hasn't seen any attacks delivered through a .PDF file as of yet, but warns that similar exploits can and have been transported in this fashion. In response, it has shipped an out-of-cycle update for Adobe Reader, Acrobat v9 and Acrobat X that should avoid this exploit from executing.

Those running Adobe Reader X on a Windows machine don't have to worry about the exploit due to the software's sandbox protection feature. "Adobe Reader X Protected Mode (aka "sandboxing") is designed to prevent the type of exploit we are currently seeing in the .SWF/.XLS attack from executing," said Arkin. "Even if an attacker made the transition to a .PDF container for the exploit, the sandbox would prevent the final step of malicious software installation on the victim's machine."

As for the vulnerability in its Flash Player, Adobe is currently in the process of finalizing a fix for the issue, which will come in the form of an update sometime during the week of March 21.

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.

Featured

  • Windows Admin Center vs. Hyper-V Manager: What's Better for Managing VMs?

    Microsoft's preferred interface for Windows Server is Windows Admin Center, but can it really replace Hyper-V Manager for managing virtual machines? Brien compares the two management tools.

  • Microsoft Offers More Help on Windows Server 2008 Upgrades

    Microsoft this week published additional help resources for organizations stuck on Windows Server 2008, which fell out of support on Jan. 14.

  • Microsoft Ups Its Carbon Reduction Goals

    Microsoft on Thursday announced a corporatewide carbon reduction effort that aims to make the company "carbon negative" by 2030.

  • How To Dynamically Lock Down an Unattended Windows 10 PC

    One of the biggest security risks in any organization happens when a user walks away from their PC without logging out. Microsoft has the solution (and it's not a password-protected screensaver).

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.