Adobe Vulnerability Being Exploited

Last Thursday,I posted a note here about a new Adobe Security Advisory [APSA 10-05], warning of a newly-discovered critical vulnerability in Adobe’s Flash Player.   (This vulnerability has been assigned CVE-2010-3654.)  The vulnerability also affects the Reader and Acrobat products, since they incorporate an embedded Flash player.

The folks over at the SANS Internet Storm Center are now confirming that there is an exploit for this flaw being circulated on the Internet.   At present, the attack is in the form of Flash content embedded in a PDF document.   Adobe says that they are working on a fix, which they expect to be available by November 9 for Flash Player, and by November 15 for Reader and Acrobat.   They may speed this up, but you might want to consider implementing the threat mitigation steps, described in the Security Advisory, which I mentioned in my earlier post.

I will post updated information here as I receive it.

Update Wednesday, 3 November, 12:10 EDT

Adobe has now updated the Security Advisory [APSA 10-05] to say that the fix for Flash Player, on Windows, Mac OS X, Linux, and Solaris, will be available by tomorrow, November 4.

One Response to Adobe Vulnerability Being Exploited

  1. […] (CVE 2010-3654) that was the subject of an Adobe Security Advisory [APSA 10-05], and which I have posted about recently.   (Note, however, that this does not fix the similar vulnerabilities in Adobe’s Reader and […]

%d bloggers like this: