Adobe Flash Player zero-day under attack

The zero-day hacker attacks against Adobe's software products are coming fast and furious.

Less than a week after the discovery of a sophisticated malware attack against an unpatched security hole in Adobe Reader/Acrobat, the company has issued a new warning for in-the-wild attacks against a zero-day flaw in its ubiquitous Flash Player.

Adobe says the vulnerability affects Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, Solaris, and Android.

It also affects Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh and UNIX; and Adobe Acrobat 9.3.4 and earlier versions for Windows and Mac.

From Adobe's advisory:

This vulnerability (CVE-2010-2884) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against Adobe Flash Player. Adobe is not aware of any attacks exploiting this vulnerability against Adobe Reader or Acrobat to date.

Technical details about the vulnerability are not yet available.

Adobe says it expects to issue a Flash Player patch during the week of September 27, 2010.

Patches for Adobe Reader aren't due until the week of October 4, 2010.

Talkback

57 comments
  • IE on Windows and Firefox on Ubuntu should be safe

    Thanks to the "on by default" sandbox that protects IE (on Vista and Windows 7) and Firefox (on Ubuntu), users of these products have nothing to fear from these vulnerabilities.

    OS X, however, is totally and utterly unsafe by default. You have been warned. For the love of the children, please switch from OS X.

    OS X: the least safe OS out there. I stake my reputation on it.
    NonZealot
    • Oh no

      @NonZealot
      "OS X: the least safe OS out there. I stake my reputation on it."

      And to bring in the children. :(
      klumper
    • RE: Adobe Flash Player zero-day under attack

      @NonZealot

      Safety is not completely determined by the vulnerability of a product. Whether you are being targeted is a major factor. Your kevlar vest may be safer than my T-shirt, but I'm probably safer sitting in a park vs. you walking through a firing range.
      forrestgump2000@...
      • Nice analogy, I do have to give you that...

        @forrestgump2000@...

        However, one walking through a firing range would no doubt have their guard up, and be expecting any attack so as to defend themselves.

        On the other hand, those sitting in the park will be ignorantly looking on as they are brutally attacked, especially while all the other park idiots are constantly claiming "oh, it will never happen here!"
        SonofaSailor
      • I will tell you what....

        @SonofaSailor

        I will sit on an average park bench on a typical busy Saturday afternoon.

        You put on your flak vest and start walking behind the targets at a firing range on a typical busy Saturday afternoon.

        We will see who fares better.
        Bruizer
      • The unwritten computer law ....

        @forrestgump2000@... Unfortunately, there is a not so well known computer law that applies to users:

        The more idiot proof you make something, the better idiots you create.
        wackoae
    • You never had much of a reputation to stake.

      @NonZealot

      And now you just lost it. So sad.
      Bruizer
    • Hey wait. You...I.....oh never mind.

      @NonZealot
      nt
      Dietrich T. Schmitz, ~ Your Linux Advocate
      • Too good

        @Dietrich

        "Hey wait. You...I.....oh never mind."

        LOL
        klumper
    • OS X does have MAC so a sandbox is possible.

      @NonZealot: I believe it was first implemented in Leopard. However the only use I'm aware of is with Time Machine (TM). You can see it in action by attempting to delete TM backups. You won't be able to do so...even as root. It's a shame because it could secure Safari in a manner much like Windows and Linux.
      ye
    • Sandboxing your browser will not protect you from...

      @NonZealot... A Malicious PDF file. False sense of security, I hope to dear God that you are not a tech, as these children you speak of would be in serious trouble.

      And I do believe your reputation is safe, as this really doesn't deviate from your typical MSFT Script.
      Snooki_smoosh_smoosh
      • It will for PDFs you view through the web browser.

        @JM1981: "A Malicious PDF file. False sense of security, I hope to dear God that you are not a tech, as these children you speak of would be in serious trouble."

        Likewise I didn't see him mention anything specifically about PDF files. Since he responded to the article, which primarily addresses Flash, his post was correct.

        It's not his reputation that's at risk. It's yours.
        ye
      • It will for PDFs you view through the web browser.

        @JM1981: "A Malicious PDF file. False sense of security, I hope to dear God that you are not a tech, as these children you speak of would be in serious trouble."

        Likewise I didn't see him mention anything specifically about PDF files. Since he responded to the article, which primarily addresses Flash, his post was correct.

        It's not his reputation that's in question. It's yours.
        ye
      • RE: Adobe Flash Player zero-day under attack

        @ye Nice double post there; way to improve your reputation. Struggling with the reply button?
        webmaster@...
      • @YE

        Way to ignore the facts of the article...

        "It also affects Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh and UNIX; and Adobe Acrobat 9.3.4 and earlier versions for Windows and Mac."

        And what NZ said:

        "Thanks to the "on by default" sandbox that protects IE (on Vista and Windows 7) and Firefox (on Ubuntu), users of these products have nothing to fear from these vulnerabilities."

        Nice Fail Ye...
        Snooki_smoosh_smoosh
      • You can thank this wonderful forum software for the double post.

        @webmaster: It has nothing to do with me.
        ye
      • Your fail is nice JM1981.

        @JM1981: Title of the blog:

        "Adobe FLASH PLAYER zero-day under attack"

        From the blog:

        "Less than a week after the discovery of a sophisticated malware attack against an unpatched security hole in Adobe Reader/Acrobat, the company has issued a new warning for in-the-wild attacks against a zero-day flaw in its ubiquitous Flash Player."

        "It (the vulnerability, not the exploit which is the subject of this blog) also affects Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh and UNIX; and Adobe Acrobat 9.3.4 and earlier versions for Windows and Mac."

        And Adobe Reader is an add-on within IE. Thus viewing PDFs via the web will be limited by IE's Protected Mode.

        Yes, you are a failure. No need to remind us again.
        ye
    • RE: Adobe Flash Player zero-day under attack

      @NonZealot Kind of like the "Here you have" virus that's attacking WINDOWS machines?

      For the safety and sake of your children, please switch from Windows.
      cyberslammer