Adobe has acknowledged a 0-day in their Flash player.
Both this 0-day and the Adobe Reader flaw have patches scheduled already:
- Flash update – week of Sept. 27
- Reader update – week of Oct 4, this will substitute the scheduled update of Oct 12.
Security Researchers are impressed by the creativity in the recent Adobe 0-day. VUPEN has a interesting blog post with an analysis on the DEP/ASLR bypass technique and @reversemode and @dinodaizovi agree.
A new critical 0-day vulnerability has been discovered in the wild for the latest version of Adobe Reader 9.3.4. Adobe has published an advisory and notes that all Operating Systems are affected. They will be providing updates as more information becomes available.
Some of the exploit code is published and we expect an exploit to become available in the exploit toolkits.
We will keep you posted as we get more information.