Zero day malware attacks through Adobe Bug
September 14, 2010
Malware writers are once again attacking computer users through a critical vulnerability in the Adobe Flash Player.
The following versions are affected:
- Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, Solaris, and Adobe Flash Player 10.1.92.10 for Android
- Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh and UNIX
- Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh
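An added example, not part of the original post and not Adobe's code: a Python check that flags software inventory entries falling inside the affected ranges listed above. Host names and installed versions in the sample inventory are constructed, and version fields are compared as numbers because a plain string comparison misorders multi-digit fields.

```python
# Added example: flag installed Adobe versions that match the affected list above.
# (product, platforms, last affected version, whether earlier versions count too)
AFFECTED = [
    ("Flash Player", {"windows", "macintosh", "linux", "solaris"}, "10.1.82.76", True),
    # The list names only this one Android build, so it is matched exactly.
    ("Flash Player", {"android"}, "10.1.92.10", False),
    ("Reader", {"windows", "macintosh", "unix"}, "9.3.4", True),
    ("Acrobat", {"windows", "macintosh"}, "9.3.4", True),
]


def parse_version(text):
    """Turn '10.1.82.76' into (10, 1, 82, 76) so fields compare as numbers."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


def is_affected(product, platform, version):
    installed = parse_version(version)
    for name, platforms, limit, include_earlier in AFFECTED:
        if name.lower() != product.lower() or platform.lower() not in platforms:
            continue
        last = parse_version(limit)
        # Pad with zeros so '9.3' and '9.3.0' compare as the same version.
        width = max(len(installed), len(last))
        a = installed + (0,) * (width - len(installed))
        b = last + (0,) * (width - len(last))
        if a == b or (include_earlier and a < b):
            return True
    return False


def audit(inventory):
    """Return the hosts from (host, product, platform, version) rows that are affected."""
    return [host for host, product, platform, version in inventory
            if is_affected(product, platform, version)]


# Constructed sample inventory: host names and versions are made up for the example.
SAMPLE = [
    ("ws-01", "Flash Player", "Windows", "10.1.82.76"),
    ("ws-02", "Flash Player", "Windows", "10.1.100.1"),  # a string compare would flag this
    ("ws-03", "Reader", "Windows", "9.3.4"),
    ("mac-01", "Acrobat", "Macintosh", "9.4.0"),
    ("ph-01", "Flash Player", "Android", "10.1.92.10"),
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```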
Essentially, an attacker can execute code that causes the Flash Player to crash and then take complete control of the PC. As usual, it’s mainly Windows users that are at risk.
Adobe are planning to fix the Windows, Mac and Solaris versions during the week of 27 September 2010, but that’s two weeks away and reports are already coming in of systems being compromised by this bug through Flash. As yet there are no reported issues with Reader and Acrobat, but I'm sure these will follow.
How can I protect myself against this Flash bug?
The best way to prevent infection through Flash is to use a browser that supports the excellent Flashblock add-in, namely Firefox or Google Chrome.
Flashblock takes a pessimistic approach to Flash: it blocks ALL Flash content from loading but leaves a placeholder on the webpage, allowing you to click to download and then view the Flash content. In addition, you can set Flashblock to allow all content from a trusted site.