Keep Your Eyes on this Adobe Zero Day
A new Adobe exploit has been circulating via Flash movies over the last day or so. It looks like the vulnerability is present across many Adobe products and can be exploited on Android, Linux, Windows and OS X.
Here is a link to the Dark Reading article about the issue, and you can also find the official Adobe alert here:
A critical vulnerability exists in Adobe Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems; Adobe Flash Player 10.1.95.2 and earlier versions for Android; and the authplay.dll component that ships with Adobe Reader 9.4 and earlier 9.x versions for Windows, Macintosh and UNIX operating systems, and Adobe Acrobat 9.4 and earlier 9.x versions for Windows and Macintosh operating systems.
This vulnerability (CVE-2010-3654) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against Adobe Reader and Acrobat 9.x. Adobe is not currently aware of attacks targeting Adobe Flash Player.
We are in the process of finalizing a fix for the issue and expect to provide an update for Flash Player 10.x for Windows, Macintosh, Linux, and Android by November 9, 2010. We expect to make available an update for Adobe Reader and Acrobat 9.4 and earlier 9.x versions during the week of November 15, 2010.
As this matures, evolves and gets patched, it is a good time to double-check your patching process for third-party software on workstations and servers.
By now, that should be a regular patching process, just like your ongoing operating system patches. If not, then it is time to make it so.
Users of HoneyPoint Wasp should be able to easily detect any systems compromised via this attack vector using the whitelisting detection mechanism.
Keep a closer than usual eye out for suspicious new processes running on workstations until the organization has applied the patch across the workstation environment.
Cross-posted from State of Security