RT @RehaAlev: Twitter to record all links users click http://bit.ly/94hGHx
28 minutes ago by muellermanfred on twitterZDNet / News / Software
Adobe investigating zero-day bug in Flash
Summary
Attackers turn unpatched bug in Flash into an exploit to drop Trojan on computers in latest attack on Adobe software.
Events
Social Media World Forum
22 - 23 Sep 2010
Suntec, Singapore
Asia CXO Leadership Summit - Singapore
7 Sep 2010
Marriott Hotel, Singapore
Governmentware 2010
28 - 30 Sep 2010
Suntec, Singapore
The 5th Annual CIO Forum Asia
28 Sep 2010
Singapore
Social Media Marketing and Measurement
6 - 7 Sep 2010
Parkroyal, Singapore
9 - 10 Sep 2010
Regal Hongkong Hotel, Hong Kong
IDC's Asia/Pacific Cloud Computing Conference 2010
31 Aug 2010
Marriott Hotel, Singapore
Researchers on Wednesday said they have uncovered attacks in the wild in which malicious Acrobat PDF files are exploiting a vulnerability in Flash and dropping a Trojan onto computers.
The situation could affect tons of users since Flash exists in all popular browsers, is available in PDF files, and is largely operating system-independent.
Any software that uses Flash could be vulnerable to the attack, according to Symantec. Adobe Reader is vulnerable because its Flash interpreter is vulnerable, said Paul Royal, principal researcher at Purewire, a Web security services provider.
In a post on its Web site, Adobe said it "is aware of reports of a potential vulnerability in Adobe Reader and Acrobat 9.1.2 and Adobe Flash Player 9 and 10. We are currently investigating this potential issue and will have an update once we get more information".
"The authors of the exploit have managed to take a bug and turn it into a reliable exploit using a heap spray technique," Patrick Fitzgerald writes on a Symantec Security blog post.
"Typically an attacker would entice a user to visit a malicious Web site or send a malicious PDF via e-mail," he writes. "Once the unsuspecting user visits the Web site or opens the PDF this exploit will allow further malware to be dropped onto the victim's machine. The malicious PDF files are detected as Trojan.Pidief.G and the dropped files as Trojan Horse."
It appears the exploit was first developed about two weeks ago, Royal said. The bug itself has been around since December 2008.
The hole is exploitable on Windows XP and Vista users are protected if User Account Control (UAC) is enabled, Symantec said.
US-CERT offered information about workarounds on its Web site:
• Disable Flash in Adobe Reader 9 on Windows platforms by renaming the following files: "%ProgramFiles%\Adobe\Reader 9.0\Reader\authplay.dll" and "%ProgramFiles%\Adobe\Reader 9.0\Reader\rt3d.dll".
• Disable Flash Player or selectively enable Flash content as described in the "Securing Your Web Browser" document.
This article was first published as a blog post on CNET News.Related stories
HP Data Protector delivers high-performance data protection at up to 70% lower TCO.
Tech Vendor: HP
Tech Vendor: HP
Latest Stories
ZDNet Asia Live
Using Parallel class for simple multithreading http://bit.ly/bZ3hpf
41 minutes ago by kittirak on topsyneed more
1 hour 16 minutes ago by jepsy on Is it too late to introduce 3G in India?
Using Parallel class for simple multithreading: In this programming tutorial about Parallel Exte... http://bit.ly/c0g5Wi - #AsiaToday #News
2 hours 3 minutes ago by AsiaTodayNews on twitter
RT @Colasoft: RT @zdnetasia: 12 most recommended network monitoring tools http://bit.ly/9KWQ96
2 hours 16 minutes ago by samchen2010 on twitter
RT @WilliamLark: Facebook adds new remote log-out security feature: Facebook users who log in from multiple devices will soon have ... http://bit.ly/ai5asr
3 hours 37 minutes ago by laristech on twitterFacebook adds new remote log-out security feature: Facebook users who log in from multiple devices will soon have ... http://bit.ly/ai5asr
3 hours 46 minutes ago by williamlark on topsy
Samsung: Galaxy Tab has leg up on Apple iPad http://bit.ly/9OPPUy
4 hours 16 minutes ago by RehaAlev on twitter
Samsung: Galaxy Tab has leg up on Apple iPad http://bit.ly/aD9zXt | #Droid #Android
4 hours 29 minutes ago by Droid_Phone on twitterToshiba recalls 41,000 laptops for overheating: U.S. Consumer Product Safety Commission says 129... http://bit.ly/axqc2a - #AsiaToday #News
4 hours 35 minutes ago by AsiaTodayNews on twitter
RT @zdnetasia: 12 most recommended network monitoring tools http://bit.ly/9KWQ96
4 hours 43 minutes ago by Colasoft on twitterGoogle, AOL renew search deal: Under the arrangement, Google provides search for AOL and the com... http://bit.ly/bif9sl - #AsiaToday #News
5 hours 6 minutes ago by AsiaTodayNews on twitterAcer comes back down to earth, Dell rises: Fastest-growing PC company of the last few years stum... http://bit.ly/byByP7 - #AsiaToday #News
5 hours 6 minutes ago by AsiaTodayNews on twitter
Securing consumer gadgets in the workplace: By Nick Heath, Silicon.com on September 3, 2010 (2 minutes ago) news a... http://bit.ly/ad12aw
5 hours 22 minutes ago by Gadget_Quest on twitterSecuring consumer gadgets in the workplace: By Nick Heath, Silicon.com on September 3, 2010 (2 minutes ago) news a... http://bit.ly/97Jth5
5 hours 25 minutes ago by wizmole on topsyGoogle, AOL remplacent l'affaire de recherche - ZDNet Asie: Google, AOL remplacent le dealZDNet Asie de re... http://bit.ly/dy9zaw #musique
5 hours 37 minutes ago by lafiliere on topsyI recommend checking 5pm for a good project management tool. (www.5pmweb.com). It makes the team collaboration easy and is friendly enou...
6 hours 35 minutes ago by Erica on Agile drivers for new project management toolsI am a student researching piracy for my computer course. My mother owns an epublishing company. Ebook piracy is also a huge problem in h...
6 hours 48 minutes ago by tasha6669 on SaaS no silver bullet for piracyFor more information regarding the lawsuit and the patents involved, check out Sunlight Research's upcoming webinar "Will Oracle’s Java...
13 hours 12 minutes ago by Sunlight on Legal woes no impact on Android ecosystem yetGoogle search does not seem to be made for 5 years old kids,anyway your child will learn to say and understand the meaning of this senten...
23 hours 26 minutes ago by irajjs on Facing reality from a Google search about Echo of AmboseliAnother project software is http://www.proofhub.com/. I have used it and it is really good. It contains many new features which you can u...
1 day 22 minutes ago by Barry on Check out Project alternatives: Basecamp and QuickBaseBut iTunes music does not apply to Asia. We STILL CAN'T BUY music from iTunes!!!
1 day 16 minutes ago by maxxtotal on Study: Music, not apps, rules iTunesSadly, asia will probably not get it ...
2 days 19 minutes ago by mingnow on Apple TV to launch with NetflixI read a great deal of blogs, and I have not come across an article that articulates these points so well.
2 days 47 minutes ago by barbaragabogrecan on Is NBN really needed in Australia?The project is very much pro India & may be necessary. But I think it is too futuristic for India which lacks even basic information secu...
3 days 49 minutes ago by amit039 on Should India now look forward to unique ID cards?Hamein Malum Hai Jannat ki Haqiqat Lekin Ghalib, Dil Behelane ko Khayal Achcha Hai As kids and as people who do not want to learn about ...
3 days 49 minutes ago by deepak.sogani on Facing reality from a Google search about Echo of AmboseliCheck out this article on using the Droid X in the Enterprise: http://forum.maas360.com/go/mobileitexpertise/the-x-factor-my-first-week-...
3 days 47 minutes ago by dlima on Five Android apps for enterprise usersI total agree that being married does not automatically make a person a better boss. Neither would I say being single makes you better re...
3 days 5 minutes ago by mingnow on Being married doesn't make one a better bossA very painful way of getting introduced to death. I remember watching 'haati mera saati' around the same age and weeping for day...
4 days 45 minutes ago by Benno on Facing reality from a Google search about Echo of AmboseliI have had to good fortune to use all operating Systems (OS) listed in your article, including Solaris. For the most part, I derive the m...
4 days 36 minutes ago by wanderson on 10 differences between Linux and BSDKeep Up With ZDNet Asia
Facebook 
RSS Feeds 
Newsletters 
Twitter Inside ZDNet Asia
Sponsored
Asia CXO Leadership Summit - Singapore
Join Boeing CIO Timothy Wente and Your Peer CXOs for an Inspiring Program!
Register for Governmentware 2010 today!
Join us at Asia's Premier Infocomm Security Conference from 28 Sep - 30 Sep
Download your complimentary UPS Resource Kit!
Use these featured resources to optimize your power protection and management.
Take the Poll & WIN a HP Mini!*
Simply tell us what backup and recovery challenges you are currently facing.
Stop Waiting Start Switching to Juniper
Free Gartner Report shows it reduces costs and increases efficiency
2010 IT Salary & Skills Report
Find out the salary range of IT professionals. Join activeTechPros for free access to the report.
