Qualys Blog

www.qualys.com
wkandek

Adobe Flash and Reader 0-day

On Friday Adobe announced a critical 0-day vulnerability for Adobe Flash that has been observed in active use in the wild. A successful exploit gives the attacker full control over the target machine, which can run Windows, Mac OS X, Linux and Solaris.

The vulnerability also affects Adobe Reader V9, that comes with an integrated Flash player, which is used to play Flash content embedded in PDF documents. Adobe Redare V8 is not affected.

Attack vectors are malicious websites and and infected PDF documents that can be received through e-mail or web download.

Although Adobe does not have a patch at the moment, users can evaluate Adobe’s posted instructions for workarounds in the advisory itself.

References:

Leave a Reply