Attackers Exploiting New Adobe Flash Bug

A new attack on a Flash bug has surfaced that would give attackers control of a victim’s computer after crashing it, reports PC World. Adobe put out a Security Advisory about this on June 4. It is categorized as a critical issue and all operating systems with Flash are vulnerable including Windows, Linux, and Apple and it is also found in the recent versions of Reader and Acrobat.

The affected versions are Adobe Flash Player 10.0.45.2, 9.0.262, and earlier 10.0.x and 9.0.x versions for Windows, Macintosh, Linux and Solaris. Adobe Reader and Acrobat 9.3.2 and earlier 9.x versions for Windows, Macintosh and UNIX. The versions that avoided being affected are Flash Player 10.1 release candidate, link available in the Adobe security advisory, and Acrobat/Reader version 8.x.

The attack isn’t widespread in the wild yet, Adobe has only received two reports of online attacks. Of course the attack is new and may just be starting to ramp up. Adobe will update the advisory when a schedule has been determined for creating a fix.

Until the fix is ready, they tell Flash users that they should use the 10.1 release candidate to avoid attack where Acrobat and Reader 9.x users can downgrade to version 8 or deleting, renaming, or removing access to the authplay.dll file that ships with Adobe Reader and Acrobat 9.x mitigates the threat for those products, but users will experience a non-exploitable crash or error message when opening a PDF file that contains SWF content. The authplay.dll that ships with Adobe Reader and Acrobat 9.x for Windows is typically located at C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll for Adobe Reader or C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll for Acrobat.



Comments (6)

  • Drson says:

    Hello,

    Here is BAT script for automated install of 10.1RC7. To work, you need somewhere in path placed wget.exe download utility (here is nice win port: http://users.ugent.be/~bpuype/wget/)

    ==COPY next lines to FLASH101.BAT and run it==
    @echo off
    :: Downloads and installs Adobe Flash 10.1.RC7 (for avoiding security bug before oficial version release
    :: It supposes that you have wget utility somewhere in path
    ::
    :: V1.1 6.6.2010 change options for 10.1 (/install instead /s)
    :: V1.2 6.6.2010 wget variant
    @echo Flash Plugin automated install with version check
    @echo .
    @echo Please close all instances of all Internet browsers…
    @pause

    mkdir %temp%\flash10
    cd /D %temp%\flash10

    SET WPATH=%~dp0

    :: change this for each new version
    set ACT_FLASH_VER=10.1.53.64
    wget -O install_flash_player.exe http://download.macromedia.com/pub/labs/flashplayer10/flashplayer10_1_rc7_plugin_060210.exe
    wget -O install_flash_player_ax_IE.exe http://download.macromedia.com/pub/labs/flashplayer10/flashplayer10_1_rc7_activex_060210.exe

    echo latest Adobe Flash version is %ACT_FLASH_VER%
    set AFL_VER=not_installed
    :: delims is a TAB followed by a space!!!!!!!!!
    FOR /F “TOKENS=3 DELIMS= ” %%A IN (‘REG QUERY “HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX” /v DisplayVersion’) DO (SET AFL_VER=%%A)
    @echo Installed version – Flash IE: %AFL_VER%

    IF %AFL_VER%==%ACT_FLASH_VER% GOTO EOF1
    @echo Update Flash IE plugin to latest version %ACT_FLASH_VER% …
    start “” /wait %WPATH%\install_flash_player_ax_IE.exe /install

    :EOF1

    set AFL_VER=not_installed
    :: delims is a TAB followed by a space!!!!!!!!!
    FOR /F “TOKENS=3 DELIMS= ” %%A IN (‘REG QUERY “HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin” /v DisplayVersion’) DO (SET AFL_VER=%%A)
    @echo Installed version – Flash FF+: %AFL_VER%

    IF %AFL_VER%==%ACT_FLASH_VER% GOTO EOF2
    @echo Update Flash FF+ plugin to latest version %ACT_FLASH_VER% …
    start “” /wait %WPATH%\install_flash_player.exe /install

    :EOF2
    cd ..
    rmdir /S /Q flash10
    :: End of script
    =============EOF=============================

  • vandalais says:

    Although I haven’t come across any infected machines, as I understand it is fairly widespread. I’d like to see Adobe have a quicker response than they have in the past.The RC is very stable and knowing Adobe, they will release 10.1 before they have a fix.

  • what good does it do to gain control after you crash the computer?

  • Jim says:

    It crashes the computer in order to force the restart so the malware can load. JUst like allot of other programs that require restarts after installation….

  • No Brakes says:

    Funniest thing EVER. I saw a girl who obviously just got her fixie go down one of the hills here in San Francisco and smash the ground (she didn’t get hurt).

  • Not sure about “EVER”