Homeland Security Issues Vulnerability Notice – Adobe Flash
July 26, 2009 by national
Filed under Incident Reports
Adobe Flash contains a vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Adobe Flash Player, Reader, Acrobat, and other products that include Flash support are affected.
By convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment) or a PDF file, an attacker may be able to execute arbitrary code.
Until Adobe is able to offer a patch (expected later this week) US-CERT is recommending you disable Flash or selectively enable Flash content.
Cnet has more – Adobe investigating zero-day bug in Flash
Researchers on Wednesday said they have uncovered attacks in the wild in which malicious Acrobat PDF files are exploiting a vulnerability in Flash and dropping a Trojan onto computers.
The situation could affect tons of users since Flash exists in all popular browsers, is available in PDF files, and is largely operating system-independent.
Any software that uses Flash could be vulnerable to the attack, according to Symantec. Adobe Reader is vulnerable because its Flash interpreter is vulnerable, said Paul Royal, principal researcher at Purewire, a Web security services provider.
So does McAfee or other security block these threats?
Adobe has just published an update to Flash that patches this vulnerability. It is HIGHLY recommended that all users download this update asap!