Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: Adobe Flash v10.1.82.76 and earlier vulnerability in-the-wild - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Adobe Flash v10.1.82.76 and earlier vulnerability in-the-wild

Adobe has released an advisory for Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, Solaris, and Adobe Flash Player 10.1.92.10 for Android, as well as Adobe Reader 9.3.4 for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh. CVE-2010-2884 has been assigned to the issue, which has an impact of crashing Flash or arbitrary code execution on some affected platforms. There is currently no patch, Adobe has indicated that it should be released in late September and/or early October. There are indications that this previously unknown vulnerability is currently being exploited in the wild by malicious web sites attacking browsers. YYAAAV Yes, Yet Again Another Adobe Vulnerability. Sigh.

Keep an eye out for this one folks. It will take a bit for the anti-virus, IDS/IPS and other vendors to catch up and detect the malware that exploits the vulnerability. Although by that point the box affected may well be compromised as most detect after the exploit has already taken place. Since the vendor has released the advisory after being notified that exploits are already occurring against Windows boxes it is recommended to explore workarounds for mitigation, detection of already compromised hosts, and cleanup.

Adobe PSIRT blog: http://blogs.adobe.com/psirt/2010/09/security-advisory-for-adobe-flash-player-apsa10-03.html

Adobe advisory: http://www.adobe.com/support/security/advisories/apsa10-03.html

Cheers,
Adrien de Beaupré
Intru-shun.ca Inc.

Adrien de Beaupre

353 Posts
ISC Handler
I use many machines during the course of my day, and my temptation is to just uninstall on the machines that don't need it. If something comes up later and I do seem to need it, I will either switch to a new machine or install the new version.
Eric

43 Posts
That's what I did. Fewer potentially vulnerable systems means less scrambling and less of a chance that something will get missed and remain vulnerable.
No Love.

37 Posts
I wish I had that option. Our business relies on PDFs like people rely on water to survive (direct mail marketing) and they would flip if I tried interfering with that. I tried switching a couple to Foxit Reader and they went ballistic because the icon for the PDF changed and they couldn't recognize it. It us against the world...my users can't even be helpful.
No Love.
3 Posts
@JoeyH: er... Flash != Acrobat
John Hardin

62 Posts
Opps...good looking John, I posted this on the wrong article.
John Hardin
3 Posts
@JoeyH @John Hardin: Actually, it does say Adobe Reader and Acrobat as well as Flash in the first sentence.
patermann

35 Posts
Version 10.1.85.3 released
http://www.adobe.com/support/security/bulletins/apsb10-22.html
Anonymous

Sign Up for Free or Log In to start participating in the conversation!