Adobe warns of zero-day flaw in Flash, Acrobat

by CXOtoday Staff    Jun 08, 2010


Adobe has issued a security advisory announcing a new zero-day vulnerability (CVE-2010-1297) that is being exploited in the wild against both Adobe Flash Player, Adobe Reader and Acrobat. The vulnerability is present in the Adobe software for platforms including Windows, Macintosh, Solaris, Linux or UNIX. Symantec Security Response has confirmed that the attack involves Trojan.Pidief.J, which is a PDF file that drops a back door onto the compromised computer if an affected product is installed. Upon analysis of an attack, it is also observed that a malicious SWF file (detected as Trojan Horse) is used in conjunction with an HTML file (detected as Downloader) to download another malware (detected as Backdoor.Trojan) from the web.

To stay protected from targeted attacks, enterprises and computer users alike should:
- Make sure operating systems and applications are updated with the latest patches
- Be cautious and not open suspicious email attachments or attachments that are not expected
- Use a complete security solution that protects against today’s threats, as well as unknown threats