Adobe Flash v10.1.82.76 and earlier vulnerability in-the-wild

Published: 2010-09-14
Last Updated: 2011-01-24 23:35:52 UTC
by Adrien de Beaupre (Version: 1)
7 comment(s)

Adobe has released an advisory for Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, Solaris, and Adobe Flash Player 10.1.92.10 for Android, as well as Adobe Reader 9.3.4 for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh. CVE-2010-2884 has been assigned to the issue, which has an impact of crashing Flash or arbitrary code execution on some affected platforms. There is currently no patch, Adobe has indicated that it should be released in late September and/or early October. There are indications that this previously unknown vulnerability is currently being exploited in the wild by malicious web sites attacking browsers. YYAAAV Yes, Yet Again Another Adobe Vulnerability. Sigh.

Keep an eye out for this one folks. It will take a bit for the anti-virus, IDS/IPS and other vendors to catch up and detect the malware that exploits the vulnerability. Although by that point the box affected may well be compromised as most detect after the exploit has already taken place. Since the vendor has released the advisory after being notified that exploits are already occurring against Windows boxes it is recommended to explore workarounds for mitigation, detection of already compromised hosts, and cleanup.

Adobe PSIRT blog: http://blogs.adobe.com/psirt/2010/09/security-advisory-for-adobe-flash-player-apsa10-03.html

Adobe advisory: http://www.adobe.com/support/security/advisories/apsa10-03.html

Cheers,
Adrien de Beaupré
Intru-shun.ca Inc.

7 comment(s)

Comments

I use many machines during the course of my day, and my temptation is to just uninstall on the machines that don't need it. If something comes up later and I do seem to need it, I will either switch to a new machine or install the new version.
That's what I did. Fewer potentially vulnerable systems means less scrambling and less of a chance that something will get missed and remain vulnerable.
I wish I had that option. Our business relies on PDFs like people rely on water to survive (direct mail marketing) and they would flip if I tried interfering with that. I tried switching a couple to Foxit Reader and they went ballistic because the icon for the PDF changed and they couldn't recognize it. It us against the world...my users can't even be helpful.
@JoeyH: er... Flash != Acrobat
Opps...good looking John, I posted this on the wrong article.
@JoeyH @John Hardin: Actually, it does say Adobe Reader and Acrobat as well as Flash in the first sentence.
Version 10.1.85.3 released
http://www.adobe.com/support/security/bulletins/apsb10-22.html

Diary Archives