Security Alerts

Security Warning: Vulnerable Adobe Flash Being Exploited in The Wild
7/26/2009

A vulnerability affecting Adobe Flash is being actively exploited in limited, targeted attacks on the Internet. Adobe Flash Player is affected, as are other Adobe applications that include the Flash runtime, such as Adobe Reader 9 and Acrobat 9. There is currently no vendor patch available.

Adobe expects to release a patch for Flash Player by July 30, 2009, and for Adobe Reader 9 and Acrobat 9 by July 31, 2009.

Threat Level

Warning:  Vulnerability is being actively exploited on the Internet.

(A "warning" alert is for a situation that is currently occurring, or for which conditions are right for it to occur soon.)

Severity:  High. An exploit could potentially allow an attacker to take control of the affected system.

Because Flash is ubiquitous, we will likely see many other attacks over the coming months that will attempt to exploit this vulnerability.

Affected Software

Flash Player version 10.0.22.87 and earlier 10.x versions, as well as Flash Player version 9.0.159.0 and earlier 9.x versions, are affected. The Adobe Flash browser plug-in is available for multiple web browsers and operating systems, any of which could be affected.

Adobe Reader and Acrobat 9.1.2 and earlier 9.x versions are also affected.

How Are Systems Compromised?

The current exploit uses SWF content embedded in PDF files.

Systems could be exploited in two ways. A user can be lured into visiting a website that leads to execution of a malicious SWF file, or into opening a malicious PDF file. An attacker could also create a PDF document with an embedded SWF file that exploits the vulnerability. A malicious PDF file could be sent to the user by some other means, such as e-mail.

A system without Flash Player installed can still be compromised, because Adobe Reader 9 and Acrobat 9 include their own copy of the Flash runtime.

How Do I Protect My Computer?

There is currently no vendor-supplied patch available. Install the patch from Adobe as soon as it is available.

Until a patch for Flash Player is available and installed, the vulnerability in Flash Player can be avoided by disabling the Flash Player plug-in in your web browser.

Until a patch for Adobe Reader and Acrobat is available and installed, deleting, renaming, or removing access to the authplay.dll file that ships with Adobe Reader and Acrobat v9.x stops the vulnerability. The side effect is that opening a PDF file that contains SWF content will cause the application to crash or display an error message.

To limit the impact of a potential exploit, do not run with administrator rights for normal work.

Ensure that virus protection definitions are up to date.

Exercise caution in browsing untrusted websites.
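
The authplay.dll workaround above can be applied with a short PowerShell script. This is an added example, not part of the original bulletin or Adobe's advisory; the search roots, the `.disabled` file name and the `-Restore` switch are assumptions made for illustration.

```powershell
# Added example (not from the original bulletin): disable or restore the Flash
# runtime, authplay.dll, that ships with Adobe Reader and Acrobat 9.x.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Assumption: Adobe products live under an "Adobe" folder in Program Files.
    [string[]]$Root = @($env:ProgramFiles, ${env:ProgramFiles(x86)} |
        Where-Object { $_ } | ForEach-Object { Join-Path $_ 'Adobe' }),
    # Assumption: put the file back by re-running with -Restore.
    [switch]$Restore
)

$disabledName = 'authplay.dll.disabled'   # hypothetical name for the renamed file
if ($Restore) {
    $from = $disabledName; $to = 'authplay.dll'
} else {
    $from = 'authplay.dll'; $to = $disabledName
}

# Search only roots that exist (the x86 folder is absent on 32-bit Windows).
$roots = @($Root | Where-Object { $_ -and (Test-Path -LiteralPath $_) } | Select-Object -Unique)
if ($roots.Count -eq 0) {
    Write-Warning 'No search root exists; nothing to do.'
    return
}

$found = @(Get-ChildItem -Path $roots -Filter $from -Recurse -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer -and $_.Name -ieq $from })
if ($found.Count -eq 0) { Write-Output "No $from found under: $($roots -join ', ')" }

foreach ($file in $found) {
    $dest = Join-Path $file.DirectoryName $to
    if (Test-Path -LiteralPath $dest) {
        # Never overwrite: a file with the target name is already present.
        Write-Warning "Skipped $($file.FullName): $to already exists in that folder."
        continue
    }
    if ($PSCmdlet.ShouldProcess($file.FullName, "Rename to $to")) {
        try {
            Rename-Item -LiteralPath $file.FullName -NewName $to -ErrorAction Stop
            Write-Output "Renamed $($file.FullName) -> $to"
        } catch {
            # Typically access denied: run from an elevated prompt.
            Write-Warning "Could not rename $($file.FullName): $($_.Exception.Message)"
        }
    }
}
```

Save it under a name of your choice and run it from an elevated prompt with `-WhatIf` first to list what would be renamed without changing anything.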

More Information

Security Advisories
Adobe Security Advisory: http://www.adobe.com/support/security/advisories/apsa09-03.html
US-CERT: http://www.kb.cert.org/vuls/id/259425

Blogs
Adobe Product Security Incident Response Team:
http://blogs.adobe.com/psirt/2009/07/update_on_adobe_reader_acrobat.html
Symantec Security Blogs:
http://www.symantec.com/connect/blogs/next-generation-flash-vulnerability

Managed Services

IT Professional Services is closely monitoring the development of this situation. Since the current exploit is limited and requires user action against best practice (all systems under managed care are configured not to open PDF files in the browser and to prompt to open or save PDF files), it appears that an emergency deployment of this update will not be necessary unless other exploits make use of this vulnerability. Should it become necessary, ITPS will be prepared to perform an emergency deployment of the update to protect all systems under managed care.

Professional Services

If you need assistance installing protection from this vulnerability or a security assessment, IT Professional Services can help. Call our help desk.

Find out more about our managed care service.

To find out how vulnerable your network is, schedule a free network security analysis today.

We at IT Professional Services (ITPS) hope that the information in this bulletin is valuable to you. ITPS believes the information provided herein is reliable. While care has been taken to ensure accuracy, your use of the information contained in this bulletin is at your sole risk. All information in this bulletin is provided "as-is", without any warranty, whether express or implied, of its accuracy, completeness, fitness for a particular purpose, title or non-infringement, and none of the third-party products or information mentioned in the bulletin are authored, recommended, supported or guaranteed by ITPS. ITPS shall not be liable for any damages you may sustain by using this information, whether direct, indirect, special, incidental or consequential, even if it has been advised of the possibility of such damages.

© 2009-2013 IT Professional Services All rights are reserved.  (805) 650-6030