The flaw lies in both the Flash Player and authplay.dll, which ships with Windows versions of Reader. Flash is affected on all operating systems, however.
Adobe has already received reports of attackers utilizing the exploit via an Excel sheet with a specially crafted .SWF embed. There have been no reports of Reader being attacked as of yet. It's also worth noting that Reader X would not be vulnerable, thanks to its sandboxing kung fu.
As always, the key with attacks like this is vigilance. Cast a skeptical eye on attachments you receive, especially those from untrusted sources. Since this particular attack appears to only be targeting Flash via an Excel sheet at the moment, it might not be a bad idea to use a Web-based viewer to open any .XLS or .XLSX attachments you receive. The Google Docs Viewer and Zoho Viewer are both good options.
Once Adobe's got the fix ready next week, you should receive an update notification. Make sure you update, rather than hiding the alert and going about your business... Not that you (or we) would ever do that.
Flash and Reader zero-day vulnerability going unfixed for a week originally appeared on Download Squad on Tue, 15 Mar 2011 07:47:00 EST. Please see our terms for use of feeds.
No comments:
Post a Comment