Saturday, June 5, 2010

Critical Adobe Flaw Being Exploited in the Wild - Again

Adobe Systems is reporting that a critical vulnerability affecting Adobe Acrobat, Reader, and Flash is actively being exploited in the wild.

The previously unknown flaw could crash a user's system or result in the attacker taking full control of the affected machine.

Adobe's current advice is for users to delete, rename, or remove access to the “authplay.dll” file included in both Reader and Acrobat while Adobe works on an official patch. This may not be fully effective, given that other programs may also drop this key .dll file during installation.

From the Adobe Product Security Incident Response Team blog:

A Security Advisory has been posted in regards to a new Adobe Reader, Acrobat and Flash Player issue (CVE-2010-1297). A critical vulnerability exists in Flash Player and earlier versions for Windows, Macintosh, Linux and Solaris operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Macintosh and UNIX operating systems. This vulnerability could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against both Adobe Flash Player, and Adobe Reader and Acrobat.

I've written often about Adobe's struggle with securing their product sets, and this is yet another instance where consumers are left to essentially fend for themselves.

Given the Advanced Persistent Threat environment which has developed, third-party peripheral applications continue to be seen by attackers as low-hanging fruit as they seek attack vectors to compromise consumer and corporate hosts. Adobe products are often targeted because of the ease with which they can be exploited, combined with a heavy deployment saturation and poor updating practices by home users and enterprise IT departments, to the point where Adobe recently implemented code to install updates and versions automatically.

I've said it before, and I'm saying it again. Get off of Adobe products if at all possible. You can limit your attack surface by 2/3 if you simply move to an alternate .pdf file creator/reader application, and there are many free programs out there.

For now, try to implement the mitigation Adobe recommends if you can't uninstall the products, and wait for a patch.
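
The following Python script is an added example, not Adobe's tooling or code from this post. It sweeps the directory roots it is given for every copy of authplay.dll, including copies dropped by other installers, and renames each one. The ".disabled" suffix, the function names, the "--apply" switch and the default root are assumptions made for the example.

```python
import os
import sys

TARGET = "authplay.dll"   # file named in Adobe's mitigation advice
SUFFIX = ".disabled"      # assumed rename suffix, not from the advisory


def find_copies(roots):
    """Return every file named authplay.dll (any case) under the given roots.

    os.walk skips directories it cannot read instead of raising.
    """
    found = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                if name.lower() == TARGET:
                    found.append(os.path.join(dirpath, name))
    return sorted(found)


def disabled_name(path):
    """Pick an unused name, so a copy re-dropped by a later install is still moved."""
    candidate, n = path + SUFFIX, 1
    while os.path.exists(candidate):
        candidate = "%s%s.%d" % (path, SUFFIX, n)
        n += 1
    return candidate


def disable(path, dry_run=True):
    """Rename one copy out of the way; return (path, new_path or None, status)."""
    new_path = disabled_name(path)
    if dry_run:
        return (path, new_path, "would rename")
    try:
        os.rename(path, new_path)
    except OSError as exc:  # file in use, or insufficient rights
        return (path, None, "failed: %s" % exc)
    return (path, new_path, "renamed")


def sweep(roots, dry_run=True):
    """Find and (unless dry_run) rename every copy under roots."""
    return [disable(p, dry_run) for p in find_copies(roots)]


if __name__ == "__main__":
    args = [a for a in sys.argv[1:] if a != "--apply"]
    roots = args or [os.environ.get("ProgramFiles", ".")]
    for path, new_path, status in sweep(roots, dry_run="--apply" not in sys.argv):
        print("%-14s %s" % (status, path))
```

Run it without "--apply" first to list what would be renamed, and re-run it after installing other software, since a new install can put the file back.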
