Today Adobe published an out-of-band update, APSB10-17, for a 0-day vulnerability published during Charlie Miller’s Black Hat talk.
The vulnerability is critical: it can be used to take control of the targeted computer and should be addressed as soon as possible.
Adobe credits Tavis Ormandy for the discovery of the vulnerability. It seems that Tavis reported the vulnerability to Adobe before Charlie’s Black Hat presentation. This illustrates an effect that security researchers have long tried to call attention to: it is possible, and seems to happen every once in a while, that vulnerabilities are discovered independently by security researchers and/or malware writers. TippingPoint’s ZDI would be in a position to publish statistics on how often they see such an overlap.
The update also includes the Flash update released last week, APSB10-016 (Adobe Reader brings its own embedded Flash version), and further improves the handling of vulnerability CVE-2010-1240, which was first addressed in June in APSB10-015.