Monday, April 11, 2011
April 2011 Adobe 0-day
Adobe released an official announcement today regarding CVE-2011-0611 stating that Adobe Flash Player, Adobe Reader, and Acrobat all contain a vulnerability that "could cause a crash and potentially allow an attacker to take control of the affected system."
Additionally, Adobe mentions that there are already "reports that this vulnerability is being exploited in the wild in targeted attacks via a Flash (.swf) file embedded in a Microsoft Word (.doc) file delivered as an email attachment, targeting the Windows platform." For more about this exploit, see the write-up over on Mila Parkour's blog.
As many of you already know, RSA (a large security company) was infiltrated by the Advanced Persistent Threat (APT) as a result of last month's critical Adobe Flash vulnerability.
Adobe has updated its advisory, stating that patches should be available by the dates listed below:
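A triage check for the delivery vector Adobe describes (a SWF inside a Word document), as an added example that is not from Adobe or the original post: it flags plausible SWF headers (`FWS`/`CWS` signature, version byte, little-endian length) inside an OLE2 attachment. It is a raw byte scan that does not reassemble OLE streams, and the `max_version` bound, the 4096-byte zlib probe window and the sample bytes are assumptions constructed for illustration.

```python
import struct
import zlib

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # compound-file header (.doc/.xls/.ppt)
SWF_SIGNATURES = (b"FWS", b"CWS")               # uncompressed / zlib-compressed SWF


def is_ole2(data):
    return data.startswith(OLE2_MAGIC)


def body_ok(sig, data, pos, length):
    if sig == b"FWS":  # declared length must fit inside the container
        return pos + length <= len(data)
    chunk = data[pos + 8:pos + 8 + 4096]  # CWS: a zlib stream follows the header
    if len(chunk) < 2:
        return False
    try:
        zlib.decompressobj().decompress(chunk)
        return True
    except zlib.error:
        return False


def find_embedded_swf(data, max_version=50):  # max_version: assumed sanity bound
    """Return sorted (offset, signature, version, declared_length) tuples."""
    hits = []
    for sig in SWF_SIGNATURES:
        pos = data.find(sig)
        while pos != -1:
            header = data[pos:pos + 8]
            if len(header) == 8:
                version = header[3]
                (length,) = struct.unpack("<I", header[4:8])
                if 1 <= version <= max_version and length > 8 and body_ok(sig, data, pos, length):
                    hits.append((pos, sig.decode(), version, length))
            pos = data.find(sig, pos + 1)
    return sorted(hits)


def build_sample():
    """Constructed test input: OLE2 header, a decoy string, two tiny fake SWF blobs."""
    fws = b"FWS\x0a" + struct.pack("<I", 12) + b"\x00" * 4
    cws = b"CWS\x09" + struct.pack("<I", 72) + zlib.compress(b"\x00" * 64)
    return OLE2_MAGIC + b"\x00" * 504 + b"FWS notes " + fws + b"\x00" * 16 + cws


if __name__ == "__main__":
    sample = build_sample()
    print(is_ole2(sample), find_embedded_swf(sample))
```

A hit means the attachment carries Flash content and deserves closer inspection; it does not by itself indicate that the content is malicious.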
- Flash player by April 15th
- Adobe Acrobat and Reader by April 25th
- Adobe Reader X for Windows, which uses "Protected Mode" (a.k.a. sandbox) by June 25th.