Adobe Flash hit by security flaw

gallery

Symantec has warned of a new vulnerability in Adobe PDF files, which affects Flash files.

In a blog post, security researchers wrote that they had seen an "Adobe Acrobat PDF file that upon opening drops and executes a malicious binary. It was quite clear that this PDF was exploiting some vulnerability in order to drop its payload."

The vulnerability is not one Symantec had seen before, leading the researchers to dub it a "next generation" flaw. It affects Adobe Flash - not the Reader itself - making it a more serious flaw.

"Most vulnerabilities are confined to one technology; for example, a vulnerability may affect a particular browser or a particular operating system, but it is rare for a vulnerability to span multiple platforms and products," the researchers said, adding Flash was unique in that it is used in all major browsers and PDFs.

"The large user base of Flash presents attackers with a huge target audience and will certainly be too much for them to resist," they added.

Symantec said it's likely the flaw will be exploited soon. Symantec advised users to ensure their antivirus is up to date, adding that the flaw is exploitable in Windows XP and Vista - but not on the latter if User Account Controls are running.

Adobe said it expects to have at least a partial fix for Flash players by 30 July, and Adobe Reader the following day.

Adobe has been hit by PDF troubles before, and this year started issuing monthly patches alongside Microsoft.

Email to a friend

Print this page