A vulnerability that Adobe has confirmed to exist in a number of its Reader, Flash Player and Acrobat products is being exploited through malicious Flash code in Web pages, according to one researcher.
As reported yesterday, an Adobe flaw is being exploited via a malicious PDF file attack that can potentially crash Windows, Macintosh and Linux operating systems and, according to Adobe, "potentially allow an attacker to take control of the affected system."
But according to Paul Royal, principal researcher at Purewire, the Adobe Flash vulnerability is also being exploited through Web pages with the Flash exploit embedded in them as multimedia.
Royal described this form of attack as including "a Flash movie of one-frame length. This malicious Flash file is being embedded in Web pages, sometimes of legitimate websites that are compromised."
Purewire's research indicates this malicious Flash movie file is just different enough from the PDF file exploit that it isn't being detected by many anti-malware software packages yet.
But Royal adds that just since Wednesday more anti-malware vendors have worked to update their software to detect the malicious PDF file exploit, generally sent as an e-mail spam attachment. The malicious PDF file appears to be used mostly in targeted attacks against specific corporations.
In its advisory, which is being updated as needed, Adobe states, "A critical vulnerability exists in the current versions of Flash Player (v9.0159.0 and v.10.022.87) for Windows, Macintosh and Linux operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat v.9x for Windows, Macintosh and Unix operating systems. This vulnerability could cause a crash and potentially allow an attacker to take control of the affected system."
Adobe, which says it is in contact with several anti-virus and security firms concerning the Flash vulnerability, states it intends to provide fixes for most of the affected products by the end of the month.
The underlying vulnerability has been known to exist as a "bug" since December, but probably first began to be "weaponised" around July 9, says Royal. Flash exploits could have started prior to that, he adds.