New zero-day vulnerabilities found in Adobe Flash Player

Something similar to the zero-day exploit recently discovered in Adobe's Reader and Acrobat tools has been found for its Flash Player as well.

When it comes to malware exploits, Adobe's Flash and PDF software can't seem to catch a break recently.

Recently a vulnerability was found in both Mac and Windows versions of Adobe's Acrobat and Reader products that could allow an attacker to crash the programs and gain control of the system. So far only attacks on Windows machines have been found, but Mac systems could be affected as well.

Now two similar vulnerabilities have been found in Adobe's Flash Player, which likewise could result in arbitrary code being executed on the system.

Computerworld is reporting that the flaws, for which advisories have been issued by US-CERT, were discovered by Intevydis, a Russian vulnerability research company. Apparently the vulnerability bypasses antiexploitation features in Windows such as DEP and ASLR, and can get around the Internet Explorer sandbox (there is no information on how other browsers handle the issue).

While Intevydis has so far shown the exploit on Windows machines, apparently it works in OS X as well.

So far Adobe has only addressed these exploits for version 9.x of its Reader and Acrobat products for Windows; fixes for the other versions are due in about a month's time. Adobe has not yet issued a response to the current findings regarding Flash Player.

Unlike malware that is directly downloaded to a system and scanned, these malware attempts run through the Flash Player or Adobe Reader programs themselves, making it harder for malware scanners to detect them.

The exploits should be addressed by Adobe sooner or later, but until then you might consider a tool like Click2Flash, NoScript, or Click2Plugin for blocking unwanted Flash content from running on your system.



Questions? Comments? Have a fix? Post them below or e-mail us!
Be sure to check us out on Twitter and the CNET Mac forums.

About the author

    Topher, an avid Mac user for the past 15 years, has been a contributing author to MacFixIt since the spring of 2008. One of his passions is troubleshooting Mac problems and making the best use of Macs and Apple hardware at home and in the workplace.

     

    Join the discussion

    Conversation powered by Livefyre

    Don't Miss
    Hot Products
    Trending on CNET

    HOT ON CNET

    Point-and-shoot quality with your phone?

    Upgrade your camera photo game with these great additions.