ie8 fix
madison

Zero Day

Ryan Naraine, Emil Protalinski and Dancho Danchev
Home / News & Blogs / Zero Day

Adobe warns of new Flash Player zero-day attack

By | April 11, 2011, 2:19pm PDT

Summary: Hackers are embedding malicious Flash Player files in Microsoft Word documents to launch targeted attacks against select businesses, according to a warning from Adobe. This latest Flash Player zero-day attack comes just weeks after EMC’s RSA Division was hit with a malware attack that used a rigged Flash (.swf) file embedded in a Microsoft Excel document. In [...]

Hackers are embedding malicious Flash Player files in Microsoft Word documents to launch targeted attacks against select businesses, according to a warning from Adobe.

This latest Flash Player zero-day attack comes just weeks after EMC’s RSA Division was hit with a malware attack that used a rigged Flash (.swf) file embedded in a Microsoft Excel document.

In both cases, the attacks are being used to steal corporate secrets.

Here’s the gist of the latest Flash Player zero-day:

A critical vulnerability exists in Flash Player 10.2.153.1 and earlier versions (Adobe Flash Player 10.2.154.25 and earlier for Chrome users) for Windows, Macintosh, Linux and Solaris, Adobe Flash Player 10.2.156.12 and earlier versions for Android, and the Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems.

This vulnerability (CVE-2011-0611) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being exploited in the wild in targeted attacks via a Flash (.swf) file embedded in a Microsoft Word (.doc) file delivered as an email attachment, targeting the Windows platform. At this time, Adobe is not aware of any attacks via PDF targeting Adobe Reader and Acrobat. Adobe Reader X Protected Mode mitigations would prevent an exploit of this kind from executing.

Adobe says it is in the process of finalizing a schedule for delivering patches for Flash Player 10.2.x and earlier versions for Windows, Macintosh, Linux, Solaris and Android, Adobe Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh, Adobe Reader X (10.0.2) for Macintosh, and Adobe Reader 9.4.3 and earlier 9.x versions for Windows and Macintosh.

Because Adobe Reader X Protected Mode would prevent an exploit of this kind from executing, Adobe plans to fix this issue in Adobe Reader X for Windows with the next quarterly security update for Adobe Reader, currently scheduled for June 14, 2011.

AFFECTED SOFTWARE VERSIONS

  • Adobe Flash Player 10.2.153.1 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems
  • Adobe Flash Player 10.2.154.25 and earlier for Chrome users
  • Adobe Flash Player 10.2.156.12 and earlier for Android
  • The Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems

NOTE: Adobe Reader 9.x for UNIX, Adobe Reader for Android, and Adobe Reader and Acrobat 8.x are not affected by this issue.

Kick off your day with ZDNet's daily e-mail newsletter. It's the freshest tech news and opinion, served hot. Get it.

More from “Zero Day”

Topics

Adobe Systems Inc., Macromedia Flash Player, Zero-day Bug, Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues.

Disclosure

Ryan Naraine

The most important disclosure is of my employment with Kaspersky Lab as a member of the global research and analysis team. Kaspersky Lab is a global company specializing in anti-malware and secure content management technologies. I do not own stocks or other investments in any technology company.

Biography

Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content management technologies.

Prior to joining Kaspersky Lab, Ryan was Editor-at-Large/Security at eWEEK, leading the magazine's and Web site's coverage of Internet and computer security issues and managing the popular SecurityWatch blog, covering the daily threats, vulnerabilities and IT security technologies. He also covered IT security, hacker attacks and secure content management topics for Jupiter Media's internetnetnews.com.

Ryan can be reached at naraine SHIFT 2 gmail.com. For daily updates on Ryan's activities, follow him on Twitter.

68
Comments
Add Your Opinion

Join the conversation!

Just In

RE: Adobe warns of new Flash Player zero-day attack
lovedong 13th Sep
Thank you! Thank you! rolex watches
View in thread
0 Votes
+ -
RE: Adobe warns of new Flash Player zero-day attack
tatiGmail 11th Apr 2011
Oh, Adobe, can't catch a break these days.
0 Votes
+ -
RE: Adobe warns of new Flash Player zero-day attack
ejhonda 12th Apr 2011
@tatiGmail You typically catch breaks by producing quality, secure products. So yeah, Adobe isn't catching breaks.
0 Votes
+ -
RE: Adobe warns of new Flash Player zero-day attack
striker67 12th Apr 2011
@ejhonda Nothing is 100% secure
0 Votes
+ -
ZD: Still doesn't know how to communicate.
dgurney 13th Apr 2011
After all these years, they're still breathlessly using the unexplained "zero-day" moniker.

ZD, you're pathetic.
0 Votes
+ -
RE: Adobe warns of new Flash Player zero-day attack
lovedong 13th Sep
Thank you! Thank you! rolex watches
0 Votes
+ -
RE: Adobe warns of new Flash Player zero-day attack
betelgeuse68 11th Apr 2011
Yet another example where Microsoft's EMET is likely to safegaurd you:

http://mastercobbler.blogspot.com/2010/09/microsofts-enhanced-mitigation.html

Just like in a previous zero day situation:

http://news.cnet.com/8301-1009_3-20016161-83.html?tag=topTechContentWrap;editorPicks

Too bad the RSA doesn't use Microsoft's EMET as they were recently hacked.

-M
0 Votes
+ -
RE: Adobe warns of new Flash Player zero-day attack
desilvav 13th Apr 2011
@betelgeuse68

using MS EMET would not be open (no pun intended)
0 Votes
+ -
RE: Adobe warns of new Flash Player zero-day attack
Aerowind 11th Apr 2011
Is there a reason Flash content can be embedded in office files? I can't see there being a good reason for it.
0 Votes
+ -
RE: Adobe warns of new Flash Player zero-day attack
Yiu Korochko 11th Apr 2011
@Aerowind Better use of animation and time/button based commands etc...
0 Votes
+ -
RE: Adobe warns of new Flash Player zero-day attack
Isocrates 12th Apr 2011
@Yiu Korochko

Please explain how a Microsoft Word document improves Adobe's Flash Player's “ animation and time/button based commands.”
0 Votes
+ -
RE: Adobe warns of new Flash Player zero-day attack
desilvav 13th Apr 2011
@Aerowind

this is a virus not a stroll in the park. Look in the mirror
0 Votes
+ -
Never!
james347 11th Apr 2011
Not Adobe!
0 Votes
+ -
RE: Adobe warns of new Flash Player zero-day attack
redcaboosejr@... 11th Apr 2011
Flankly, I don't trust Adobe at all, and especially their Flash player. It's a product I eschew and reccomend everyone to do the same. Sorry, never cared for it, never trusted it.
I an old man and old school. It is a sad state of affairs.
0 Votes
+ -
Deleted Flash player from all my systems years ago.
Bruizer 11th Apr 2011
@redcaboosejr@...

Could not be happier and when most sites realize Flash is not an option, they fall back alternate content.
0 Votes
+ -
RE: Adobe warns of new Flash Player zero-day attack
linux-user 11th Apr 2011
@Bruizer

Steve Jobs is correct, Flash is crap
0 Votes
+ -
RE: Adobe warns of new Flash Player zero-day attack
Lerianis10 12th Apr 2011
@Bruizer

No, they don't. Flash is the DE-FACTO standard for video services on the internet and a lot of other websites.
0 Votes
+ -
RE: Adobe warns of new Flash Player zero-day attack
LTV10 12th Apr 2011
@Lerianis10

Flash is also the DE-FACTO standard for introducing malware into the windoze swiss cheese operating system.
0 Votes
+ -
how about those flash ads...??
wizardjr 11th Apr 2011
Now I wonder if some SOB can do this with one of those flash ads that are the curse of downloading so many web pages these days. I swear some of those pages are a terabyte with all the damn flash ads on them.
0 Votes
+ -
RE: Adobe warns of new Flash Player zero-day attack
shawkins 11th Apr 2011
@wizardjr:
I agree. I use Firefox now with the FlashBlock add-on. Very much enjoy using it.
0 Votes
+ -
RE: Adobe warns of new Flash Player zero-day attack
Boomslang 11th Apr 2011
@shawkins
Firefox or Chrome with Flashblock defaulted to deny all. All you have to do is click a button if you really want the content is the current best method of preventive measures against total Flash in the Pan Meltdown.
0 Votes
+ -
RE: Adobe warns of new Flash Player zero-day attack
Boomslang 11th Apr 2011
@shawkins
But doesn't save you from Flash embedded in Office documents. We now need a Microsoft Office FlashBlock plugin.
0 Votes
+ -
RE: Adobe warns of new Flash Player zero-day attack
wkulecz 12th Apr 2011
@wizardjr

Three things. Firefox, NoScript, Flashblock.

Things like Adblock don't hurt either.
0 Votes
+ -
RE: Adobe warns of new Flash Player zero-day attack
Crowtown Updated - 11th Apr 2011
Ya know, Adobe and Microsoft both are guilty of releasing software "constantly" that leads to this. Maybe they should slow down a bit ehh? As a web developer, I spend more time patching than coding and I need to code around a lot of the garbage Adobe puts out. In my opinion, they need to spin off what they bought from Macromedia to someone who cares.
0 Votes
+ -
RE: Adobe warns of new Flash Player zero-day attack
Jimster480 11th Apr 2011
Well atleast its only in a word document.
0 Votes
+ -
only in a word document
use_what_works_4_U 12th Apr 2011
@Jimster480
or an Excel document.

so far.
0 Votes
+ -
RE: Adobe warns of new Flash Player zero-day attack
jeremychappell 12th Apr 2011
@Jimster480 Err, what do people share? Oh yeah, Word and Excel documents...

I don't see this as mitigation at all...
0 Votes
+ -
RE: Adobe warns of new Flash Player zero-day attack
inkwell 11th Apr 2011
Are these the same flash players that pester us ceaselessy to update then want us to sign our life away plus that of our firstborn son?
0 Votes
+ -
RE: Adobe warns of new Flash Player zero-day attack
Boomslang 11th Apr 2011
@inkwell
Yep, the one that supposedly needs a downloader to help move a tiny 2MB file, said purpose of the downloader really to display ads for yet more Adobe muck. And then requires you to check a stupid box to acknowledge some behind the scenes EULA that demands you don't reverse engineer or decompile this commercial security breach to steal its worthless intellectual property.
0 Votes
+ -
How to install Adobe Flash Player without the download manager
Isocrates 13th Apr 2011
@Boomslang

Google the title: "How to Install Adobe Flash Player Without Installing Adobes DLM (Download Manager) Browser Plugin" at techerator.
0 Votes
+ -
RE: Adobe warns of new Flash Player zero-day attack
lehnerus2000 14th Apr 2011
@Isocrates
Thanks for that tip. happy

Updating Flash in FF has always been a nightmare.
Hopefully it's easier in FF4.
0 Votes
+ -
Only "word" doc. ??
olddogv 11th Apr 2011
I would be real careful with anything created w/ MS Office, or compatible with MS Office. Since similar show up in Word & Excel, & I use Ubuntu, I think I'll open as a text file, after scanning closely. I'm not paranoid, I KNOW they're out to get me.
0 Votes
+ -
Apple Is Such A Flash Hater
m0o0o0o0o 11th Apr 2011
Wait - wasn't there something in some lame talk Jobs gave about Flash being a disaster and a security nightmare so it was being banned from iOS? What an idiot. Clearly Apple is just hating on Adobe
0 Votes
+ -
Apple was not even mentioned, but since you went there...
Pete "athynz" Athens 12th Apr 2011
@m0o0o0o0o And you are an idiot... this has NOTHING to do with Apple - Jobs saw the truth that Flash sucks out loud, this is just even more proof of that. This has nothing to do with hate for Adobe and everything to do with how badly Flash sucks out loud. If Flash is so wonderful tell me why is it that the number one downloaded browser plug in/ extension is a Flash Blocker?

Troll elsewhere Adobe Shill.
0 Votes
+ -
RE: Adobe warns of new Flash Player zero-day attack
m0o0o0o0o Updated - 12th Apr 2011
@athynz perhaps you should re-read my post because I'm pretty sure it didn't need #SARCASM. Well, I guess it must have since you reacted so violently to it.
0 Votes
+ -
RE: Adobe warns of new Flash Player zero-day attack
jeremychappell 12th Apr 2011
@athynz That's the point he's making...
0 Votes
+ -
RE: Adobe warns of new Flash Player zero-day attack
Pete "athynz" Athens 12th Apr 2011
@m0o0o0o0o Sorry - knee jerk reaction there. I'm too used to seeing the ABAers and Apple Hater spew things like this and be utterly serious about it.
0 Votes
+ -
RE: Adobe warns of new Flash Player zero-day attack
m_a_simons@... 11th Apr 2011
What kind of jokers are working at Adobe as programmers ?
Duh...bug with Excel, now bug with Word, next week bug with Powerpoint ?
Or have we already had that one ?
Fire that staff.
I use Chrome, and don't have flash on it. Will keep it that way.
0 Votes
+ -
RE: Adobe warns of new Flash Player zero-day attack
Viper589 11th Apr 2011
@m_a_simons@...

.... Ahem... Dude you do know that chrome has flash player built in right?
0 Votes
+ -
RE: Adobe warns of new Flash Player zero-day attack
m_a_simons@... 11th Apr 2011
@Knix96 Like I said...its disabled.
0 Votes
+ -
RE: Adobe warns of new Flash Player zero-day attack
Alan Smithie Updated - 12th Apr 2011
That's not quite true for Linux, at least on Suse, you use what is in usr/lib(lib64)/browser-plugins. I'm currently using the 64bit square versions which works very well. In windows you can make chrome use a different version of flash:

http://google-chrome-browser.com/how-disable-chromes-built-flash-use-flash-beta-release
0 Votes
+ -
RE: Adobe warns of new Flash Player zero-day attack
ItsTheBottomLine 12th Apr 2011
m_a_simons@...

Actually you said "...I use Chrome, and don't have flash on it." nothing about it being disabled.
0 Votes
+ -
Hey where are all those people who daily
James Quinn 11th Apr 2011
claim Apples iDevices to be failures because they don't use Flash!?! Where are all the claims that Flash or no Flash is a deal breaker? That Flash is vital? Flash is something all right but to name it would be to get ones post censored:P

Pagan jim
0 Votes
+ -
'autorun' feature
nigelrf 11th Apr 2011
@wizardjr, shawkins & boomslang: Agreed. If anyone is serious about ending such issues regarding many such scenarios much less this one, the browser makers and MS should build-in the default block option for ALL applications that run software with potential for abuse. As an alternative for essential operations using flash, they should utilize another means of execution.

Maybe bad for advertisers, but worse for consumers of advertising... or maybe it good to keep the consumer more beholden to hardware and software vendors than needed.
0 Votes
+ -
How to eliminate Flash use from Web sites
Isocrates 13th Apr 2011
@nigelrf

Google the phrase: "HTML5 Video" and read the info at
Html5video DOT org
w3schools DOT com/html5/html5_video.asp
wikipedia DOT org/wiki/HTML5_video
0 Votes
+ -
Cool
MrElectrifyer 11th Apr 2011
We'll all soon be switching to SilverLight as an alternative. Who ever thought that fukn Steve Jobs was right about frash wink
0 Votes
+ -
RE: Adobe warns of new Flash Player zero-day attack
jeremychappell 12th Apr 2011
@MrElectrifyer The solution to insecurity in a plugin is not another plugin.

Microsoft are fully committed to HTML5, while Silverlight will be around for quite a while, I'm sure Microsoft won't be pushing it to the detriment of HTML5.
0 Votes
+ -
Save us from confusion-creep ...
PassingWind Updated - 12th Apr 2011
It used to be simple. You chose an application appropriate to what you want to do. Working with words - word processor. Working with numbers - calculator or spreadsheet depending on how many numbers and how often you do the calculation(s). Working on photographic images - an image processor. Making an image - a painting program. Creating a drawing - a drawing program.

Then we wanted to print things - OK until we want to print words and pictures. Then the word processor became a word-and-picture processor.

Then we went multi-media, using sound and video. At that stage it is logically "bye-bye paper" - except that we still want to take away printed copies of what we experience. Duhhh. And the word processor suddenly becomes the universal tool. There is no logical reason why the drawing program or the spreadsheet could not have become the universal tool, but the word processor was and is where everybody starts, so that is where things logically migrated to.

But hold on - market complexity is what makes money. Confused customers are vulnerable, and that means exploitable, so let's make a better word processor that can do other things as well, a better spreadsheet that can do other things as well, and so on ....

And make an ecosystem with so much confusion in it that nobody knows what anything is for anymore - except that anything can be used for everything, and everything can be used for anything. And let's have lots of different anythings. In this ecosystem anybody can perpetrate any mischief because as the confusion spreads it becomes impossible for anybody to police anything; when anything can do anything there are no rules to police.

For heavens sake will somebody put one copy of each bit of functionality into a single anythingprocessor so we only have one UI to learn, one way of invoking each primitive element, and no need for any more upgrades except to add new functionalities to this one program. In this way, only one environment has to be made secure.

The lead has to come from the Open Source community - putting pressure on the Software-as-a-licence-to-exploit-confusion (SAALTEC) community to compete with its standards-based user friendliness. The hard work has already been done - several times over and in several different ways. All we need to do is to put the best examples of each feature into a single simple framework.

Then give this reader-browser-editer-creater a new name. Call it an opener, and make web2.0, the cloud and all the other buzz word developments invisible to anybody using an opener.

And specify the universal plug-in interface for any opener.
0 Votes
+ -
RE: Adobe warns of new Flash Player zero-day attack
wkulecz 12th Apr 2011
IF youTube stopped using Flash, I'd delete it everywhere!
0 Votes
+ -
RE: Adobe warns of new Flash Player zero-day attack
jeremychappell 12th Apr 2011
@wkulecz Try:

http://www.youtube.com/html5

It isn't a universal cure for Flash on YouTube... but it might help.
0 Votes
+ -
All of Apple's corporate secrets are safe...
thofts 12th Apr 2011
Plus...Flash is the bane of a good web surfing experience.

Join the conversation!

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]
ie8 fix
Click Here
ie8 fix

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity

Blog Roll

Blog Archive

White Papers, Webcasts, & Resources
ie8 fix
ie8 fix