Adobe confirms Flash zero-day bug in PDF docs

Hackers exploiting flaw already in the wild, says iDefense

Adobe is investigating a critical vulnerability in its Flash format that is currently being exploited by hackers using malicious PDF documents, according to the company's security team and outside researchers.

Adobe said little in a short entry to its security blog late Tuesday. "Adobe is aware of reports of a potential vulnerability in Adobe Reader and Acrobat 9.1.2 and Adobe Flash Player 9 and 10," said Brad Arkin, the company's director for product security and privacy. "We are currently investigating this potential issue."

Reader and Acrobat 9.1.2 are the most current versions of those applications.

An Adobe spokesman early Wednesday confirmed that the vulnerability was an issue within Flash content that is inserted into a PDF (Portable Document Format) file. Users can drop Flash movies into PDF files, for instance.

VeriSign's iDefense said it spotted an in-the-wild attack exploiting the Flash zero-day, according to a target="new" message posted to Twitter yesterday. "iDefense recently investigated a targeted attack using [a] embedded zero-day Flash exploit inside a PDF file," the security intelligence company said.

Adobe has had its share of security problems this year, particularly with Reader, the popular PDF viewer. In mid-March, for example, it plugged several holes in Reader, including one that had been exploited by hackers since early January. Then in both May and June it followed that with further fixes to quash another Reader zero-day and patch another 13 bugs in the viewer.

Security was also at issue this week when Danish bug tracker Secunia noticed that Adobe continues to provide an outdated edition of Reader for download. Yesterday, Adobe reacted to Secunia's report by saying it was reevaluating how its software updater operated.

iDefense did not immediately respond to a request for more information on its findings, while Adobe's spokesman said details of the Flash-PDF vulnerability would be posted on the company's security blog when they are available.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags adobeadobe flashpdf bugzero day exploit

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.
Gregg Keizer

Gregg Keizer

Computerworld
Show Comments

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Aysha Strobbe

Microsoft Office 365/HP Spectre x360

Microsoft Office continues to make a student’s life that little bit easier by offering reliable, easy to use, time-saving functionality, while continuing to develop new features that further enhance what is already a formidable collection of applications

Michael Hargreaves

Microsoft Office 365/Dell XPS 15 2-in-1

I’d recommend a Dell XPS 15 2-in-1 and the new Windows 10 to anyone who needs to get serious work done (before you kick back on your couch with your favourite Netflix show.)

Maryellen Rose George

Brother PT-P750W

It’s useful for office tasks as well as pragmatic labelling of equipment and storage – just don’t get too excited and label everything in sight!

Cathy Giles

Brother MFC-L8900CDW

The Brother MFC-L8900CDW is an absolute stand out. I struggle to fault it.

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Featured Content

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?