Qualys Blog

www.qualys.com
wkandek

0-day for Adobe Flash and Reader – Updated

Update:
Adobe has published the patches for Flash and AIR as bulletin ABSB11-05. Patches for Adobe Reader can be found as bulletin ABSB11-06.

Original:
Adobe just published a security advisory (APSA11-001) for a critical vulnerability in Adobe Flash that can be used to take control of the attacked machine. Adobe Flash is embedded in Adobe Acrobat and Reader, so both of these software packages are also vulnerable to the attack.

Adobe is aware of exploits for the vulnerability being used in the wild, with a known attack vector through a Flash file embedded in an Excel spreadsheet.
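For defenders who want to triage inbound spreadsheets for this attack vector, the following added example (not code from Adobe or Qualys) scans a file's raw bytes for plausible embedded SWF headers. It assumes a legacy OLE2 `.xls` container and the standard SWF header layout (3-byte signature, version byte, 4-byte little-endian length); the function names, the 64 MiB size limit and the sample bytes are constructed for illustration.

```python
import struct
import zlib

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .xls compound-file header
MAX_SWF = 64 * 1024 * 1024  # assumption: ignore declared sizes above 64 MiB


def is_ole2(data):
    return data.startswith(OLE2_MAGIC)


def _plausible(data, pos, magic, length):
    if not 9 <= length <= MAX_SWF:
        return False
    if magic == b"FWS":  # uncompressed: declared length must fit in the file
        return pos + length <= len(data)
    try:  # CWS: body after the 8-byte header is zlib; bound the output size
        body = zlib.decompressobj().decompress(data[pos + 8:], length)
    except zlib.error:
        return False
    return len(body) == length - 8


def find_embedded_swf(data):
    """Return sorted (offset, signature, version, declared_length) tuples."""
    hits = []
    for magic in (b"FWS", b"CWS"):
        pos = data.find(magic)
        while pos != -1:
            header = data[pos:pos + 8]
            if len(header) == 8:
                version, length = header[3], struct.unpack("<I", header[4:])[0]
                if 1 <= version <= 50 and _plausible(data, pos, magic, length):
                    hits.append((pos, magic.decode(), version, length))
            pos = data.find(magic, pos + 1)
    return sorted(hits)


def build_sample():
    """Constructed test input: OLE2 header, two fake SWF blobs, one stray 'FWS'."""
    fws = b"FWS" + bytes([10]) + struct.pack("<I", 24) + b"\x00" * 16
    cws = b"CWS" + bytes([9]) + struct.pack("<I", 72) + zlib.compress(b"\x00" * 64)
    return OLE2_MAGIC + b"\x00" * 504 + fws + b" FWS report " + cws + b"\x00" * 16


if __name__ == "__main__":
    sample = build_sample()
    print(is_ole2(sample), find_embedded_swf(sample))
```

A hit only shows that a Flash object is embedded, not that it is malicious, and a raw byte scan can miss objects whose OLE stream is split across non-contiguous sectors.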

Adobe will release a fix for the Windows, Mac OS X and Linux/Unix operating systems during the week of March 21st.

Users of Adobe Reader X are not vulnerable to the exploit, as the sandboxing technology included in Reader X prevents the code from executing. We recommend installing Adobe Reader X or updating your existing installations to this newest version, as this occurrence highlights the increased robustness gained from the sandboxing.
