Must Read: Apple to Congress: We do not use 'tax gimmicks'

Topic: Enterprise Software

Adobe Flash Player zero-day under attack

Summary: The zero-day hacker attacks against Adobe's software products are coming fast and furious.

Ryan Naraine

By for Zero Day |

The zero-day hacker attacks against Adobe's software products are coming fast and furious.

Less than a week after the discovery of a sophisticated malware attack against an unpatched security hole in Adobe Reader/Acrobat, the company has issued a new warning for in-the-wild attacks against a zero-day flaw in its ubiquitous Flash Player.

Adobe says the vulnerability affects Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, Solaris, and Android.

It also affects Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh and UNIX; and Adobe Acrobat 9.3.4 and earlier versions for Windows and Mac.follow Ryan Naraine on twitter

From Adobe's advisory:

This vulnerability (CVE-2010-2884) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against Adobe Flash Player. Adobe is not aware of any attacks exploiting this vulnerability against Adobe Reader or Acrobat to date.

Technical details about the vulnerability are not yet available.

Adobe says it expects to issue a Flash Player patch during the week of September 27, 2010.

Patches for Adobe Reader aren't due until the week of October 4, 2010.

Topics: Enterprise Software, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

64 comments
Log in or register to join the discussion

  • IE on Windows and Firefox on Ubuntu should be safe

    Thanks to the "on by default" sandbox that protect IE (on Vista and Windows 7) and Firefox (on Ubuntu), users of these products have nothing to fear from these vulnerabilities.

    OS X, however, is totally and utterly unsafe by default. You have been warned. For the love of the children, please switch from OS X.

    OS X: the least safe OS out there. I stake my reputation on it.
    NonZealot
    Reply Vote

    • Oh no

      @NonZealot
      [i]OS X: the least safe OS out there. I stake my reputation on it. [/i]

      And to bring in the children. :(
      klumper
      Reply Vote

      • RE: Adobe Flash Player zero-day under attack

        @klumper Definitely you are right. <a href="http://www.paperprofs.com/writing-types/essay/">essay</a> | <a href="http://www.paperprofs.com/writing-types/term-paper/">term paper</a> | <a href="http://www.paperprofs.com/writing-types/research-papers/">research paper</a>
        linasmith
        Reply Vote

    • RE: Adobe Flash Player zero-day under attack

      @NonZealot

      Safety is not completely determined by the vulnerability of a product. Whether you are being targeted is a major factor. Your kevlar vest may be safer than my T-shirt, but I'm probably safer sitting in a park vs. you walking through a firing range.
      forrestgump2000@...
      Reply Vote

      • Nice analogy, I do have to give you that...

        @forrestgump2000@...

        However, one walking through a firing range would no doubt have their guard up, and be expecting any attack so as to defend themselves.

        On the other hand, those sitting in the park will be ignorantly looking on as they are brutally attacked, especially while all the other park idiots are constantly claiming "oh, it will never happen here!"
        SonofaSailor
        Reply Vote

      • I will tell you what....

        @ SonofaSailor <br><br>I will sit on an average park bench on a typical busy Saturday afternoon.<br><br>You put on your flak vest and start walking behind the targets at firing range on a typical busy Saturday afternoon.<br><br>We will see who fares better.
        Bruizer
        Reply Vote

      • The unwritten computer law ....

        @forrestgump2000@... Unfortunately, there is a not so well known computer law that applies to users:<br><br><center><h2>The more idiot proof you make something, the better idiots you create. </h2></center>
        wackoae
        Reply Vote

      • RE: Adobe Flash Player zero-day under attack

        @forrestgump2000@... Thanks for sharing. i really appreciate it that you shared with us such a informative post..
        <a href="http://www.pureresearchpapers.com/">Research Paper Help</a>
        <a href="http://www.puretermpapers.com/termpaper/help.asp">Term Paper Help</a>
        <a href="http://www.pureessays.com/">Essay Help</a>
        bynes69
        Reply Vote

      • RE: Adobe Flash Player zero-day under attack

        @forrestgump2000@... Thanks for the information. This is a wonderful post!!
        <a href="http://www.purethesis.com/">Thesis Help</a>
        <a href="http://www.puredissertation.com/">Dissertation Help</a>
        bynes69
        Reply Vote

    • You never had a much of a reputation to stake.

      @NonZealot

      And now you just lost it. So sad.
      Bruizer
      Reply Vote

      • RE: Adobe Flash Player zero-day under attack

        @Bruizer Yes i am also saying that this is really very sad. <a href="http://www.paperprofs.com/writing-types/assignment/">Assignment</a> | <a href="http://www.paperprofs.com/writing-types/dissertation/">Dissertation</a>
        linasmith
        Reply Vote

    • Hey wait. You...I.....oh never mind.

      @NonZealot
      nt
      Dietrich T. Schmitz, ~ Your Linux Advocate
      Reply Vote

      • Too good

        @Dietrich

        [i]Hey wait. You...I.....oh never mind.[/i]

        LOL
        klumper
        Reply Vote

    • OS X does have MAC so a sandbox is possible.

      @NonZealot: I believe it was first implemented in Leopard. However the only use I'm aware of is with Time Machine (TM). You can see it in action by attempting to delete TM backups. You won't be able to do so...even as root. It's a shame because it could secure Safari in a manner much like Windows and Linux.
      ye
      Reply Vote

    • Sandboxing your browser will not protect you from...

      @NonZealot... A Malicious PDF file. False sense of security, I hope to dear God that you are not a tech, as these children you speak of would be in serious trouble.

      And I do believe your reputation is safe, as this really doesn't deviate from your typical MSFT Script.
      Snooki_smoosh_smoosh
      Reply Vote

      • It will for PDFs you view through the web browser.

        @JM1981: [i]A Malicious PDF file. False sense of security, I hope to dear God that you are not a tech, as these children you speak of would be in serious trouble.[/i]

        Likewise I didn't see him mention anything specifically about PDF files. Since he responded to the article, which primarily addresses Flash, his post was correct.

        It's not his reputation that's at risk. It's yours.
        ye
        Reply Vote

      • It will for PDFs you view through the web browser.

        @JM1981: [i]A Malicious PDF file. False sense of security, I hope to dear God that you are not a tech, as these children you speak of would be in serious trouble.[/i]

        Likewise I didn't see him mention anything specifically about PDF files. Since he responded to the article, which primarily addresses Flash, his post was correct.

        It's not his reputation that's in question. It's yours.
        ye
        Reply Vote

      • RE: Adobe Flash Player zero-day under attack

        @ye Nice double post there; way to improve [i]your[/i] reputation. Struggling with the reply button?
        webmaster@...
        Reply Vote

      • @YE

        Way to ignore the facts of the article...<br><br><i>"It also affects Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh and UNIX; and Adobe Acrobat 9.3.4 and earlier versions for Windows and Mac."</i><br><br>And what NZ said:<br><br><i>"Thanks to the "on by default" sandbox that protect IE (on Vista and Windows 7) and Firefox (on Ubuntu), users of these products have nothing to fear from these vulnerabilities."</i><br><br>Nice Fail Ye...
        Snooki_smoosh_smoosh
        Reply Vote

      • You can thank this wonderful forum software for the double post.

        @webmaster: It has nothing to do with me.
        ye
        Reply Vote
CNET Join | Log In | Privacy | Cookies Close