Adobe confirms Flash zero-day bug in PDF docs

Hackers exploiting flaw already in the wild, says iDefense

Adobe is investigating a critical vulnerability in its Flash format that is currently being exploited by hackers using malicious PDF documents, according to the company's security team and outside researchers.

Adobe said little in a short entry to its security blog late Tuesday. "Adobe is aware of reports of a potential vulnerability in Adobe Reader and Acrobat 9.1.2 and Adobe Flash Player 9 and 10," said Brad Arkin, the company's director for product security and privacy. "We are currently investigating this potential issue."

Reader and Acrobat 9.1.2 are the most current versions of those applications.

An Adobe spokesman early Wednesday confirmed that the vulnerability was an issue within Flash content that is inserted into a PDF (Portable Document Format) file. Users can drop Flash movies into PDF files, for instance.

VeriSign's iDefense said it spotted an in-the-wild attack exploiting the Flash zero-day, according to a target="new" message posted to Twitter yesterday. "iDefense recently investigated a targeted attack using [a] embedded zero-day Flash exploit inside a PDF file," the security intelligence company said.

Adobe has had its share of security problems this year, particularly with Reader, the popular PDF viewer. In mid-March, for example, it plugged several holes in Reader, including one that had been exploited by hackers since early January. Then in both May and June it followed that with further fixes to quash another Reader zero-day and patch another 13 bugs in the viewer.

Security was also at issue this week when Danish bug tracker Secunia noticed that Adobe continues to provide an outdated edition of Reader for download. Yesterday, Adobe reacted to Secunia's report by saying it was reevaluating how its software updater operated.

iDefense did not immediately respond to a request for more information on its findings, while Adobe's spokesman said details of the Flash-PDF vulnerability would be posted on the company's security blog when they are available.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags adobeadobe flashpdf bugzero day exploit

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Gregg Keizer

Computerworld
Show Comments

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?