Adobe 'zero-day' flaw is eight months old

The current zero-day attacks against Adobe Flash Player are not quite zero-day after all. According to new information, Adobe's security response team has known about the vulnerability since December 31, 2008 (see image below), but it was misdiagnosed as a "data loss corruption" issue.
Written by Ryan Naraine, Contributor

When word of the attacks surfaced this week, Adobe quickly locked access to the bug ticket with a note that it was "reclassified as a security bug."

(Image credit: @Shirkdog)

Once it got wind of the attacks, which exploit Flash Player within rigged PDF documents, Adobe's security response process kicked into overdrive and the company released separate advisories to offer temporary mitigation.

The company now plans to release patches on July 30th and 31st for Windows, Mac and Linux users.

According to Sourcefire's Lurene Grenier, there are at least two separate vulnerabilities that are being exploited in the wild. Adobe's advisory only mentions "a critical vulnerability," so it's not quite clear if everything will be fixed next week.

[ SEE: Adobe Flash zero-day attack underway; Harden PDF Reader immediately ]

In the meantime, be sure to follow Adobe's advice and delete, rename, or remove access to the authplay.dll file that ships with Adobe Reader and Acrobat v9.x. This mitigates the current attack vectors.

Firefox users can simply disable the Flash Player plug-in until Adobe releases its patches.

This misdiagnosis of a serious security vulnerability is an embarrassment for Adobe, a company that has been struggling to clean up its image with a major security-themed operations overhaul (podcast).
