Security Warning: Vulnerable
Adobe Flash Being Exploited in The Wild
affecting Adobe Flash is being actively exploited in limited, targeted
attacks on the Internet. Adobe Flash Player and other Adobe
applications that include the Flash runtime, such as Adobe Reader 9 and
Acrobat 9, are also affected. There is currently no vendor patch available.
Adobe expects to release a patch for Flash Player by July 30, 2009 and Adobe Reader 9 and Acrobat 9 by July 31, 2009.
Warning: Vulnerability is being
actively exploited on the Internet.
(A "warning" alert is for a situation that are currently occurring or
conditions are right for the situation to occur soon.)
Severity: High. An exploit could potentially allow an attacker to take control of the affected system.
Because Flash is ubiquitous, we will likely see many other attacks over the coming months that will
attempt to exploit this vulnerability.
Flash player version
10.0.22.87 and earlier 10.x versions as well as Flash player version
188.8.131.52 and earlier 9.x versions are affected. The Adobe Flash
browser plug in is available for multiple web browsers and operating
systems, any of which could be affected.
Adobe Reader and Acrobat 9.1.2 and earlier 9.x versions.
How Are Systems Compromised?
The current exploit is using SWF embedded in PDF files.
Systems could be exploited in two ways. The user can be lured into visiting a website leading
to execution of malicious SWF file or executing a malicious PDF file. An attacker could also create a PDF document that has an embedded SWF file to
exploit the vulnerability. A malicious PDF file could be sent to the user by some other means, such as e-mail.
A system without Flash Player can be compromised.
Do I Protect My Computer
There is currently no vendor supplied patch available. Install the patch from Adobe as soon as it is available.
a patch for Flash Player is available and installed, the vulnerability
in Flash Player can be avoided by disabling the Flash Player plug in in
your web browser.
Until a patch for Adobe Reader and Acrobat is available and installed, deleting,
renaming, or removing access to the authplay.dll file that ships with
Adobe Reader and Acrobat v9.x stops the vulnerability, but opening a
PDF file that contains SWF content will cause the application to crash
or display an error message.
Do not run with administrator rights for normal work to mitigate the impact of a potential exploit.
Ensure that virus protection definitions are up to date.
Exercise caution in browsing untrusted websites.
Adobe Security Advisory: http://www.adobe.com/support/security/advisories/apsa09-03.html
Adobe Product Security Incident Response Team:
Symantec Security Blogs:
IT Professional Services
is closely monitoring the development of this situation. Since the
current exploit is limited and since user action against best practice
(all of systems under
managed care are
configured to not open PDF files in the browser and to prompt to open
or save PDF files), it appears that an emergency deployment
of this update will not be necessary unless other exploits make use of
a vulnerability. Should it become necessary, ITPS will be
prepared to perform an emergency deployment of the update to
protect all systems under
If you need assistance installing protection from
this vulnerability or a security assessment, IT Professional Services
can help. Call our
out more about our managed care service.
To find out how vulnerable your network is
schedule a free network security analysis today.
We at IT Professional Services (ITPS)
hope that the information in this bulletin is valuable to you. ITPS
believes the information provided herein is reliable. While care has
been taken to ensure accuracy, your use of the information contained in
this bulletin is at your sole risk. All information in this bulletin is
provided "as-is", without any warranty, whether express or implied, of
its accuracy, completeness, fitness for a particular purpose, title or
non-infringement, and none of the third-party products or information
mentioned in the bulletin are authored, recommended, supported or
guaranteed by ITPS. ITPS shall not be liable for any damages you may
sustain by using this information, whether direct, indirect, special,
incidental or consequential, even if it has been advised of the
possibility of such damages.