Wednesday, July 29, 2009

Urgent: Majority of Windows systems vulnerable to Flash/Acrobat zero-day exploit

Firstly - you may be hearing the term "zero day exploit" more often these days in discussions about security issues. It basically means that the exploit under discussion is already being taken advantage of by the crooks.

Anyway, here are all of the details about the Flash/Acrobat Reader weakness. What is a little different about this one is that more than a few "legitimate" web sites have become infected with malicious Flash content, and so it's quite possible to be exposed to Eeeevil Stuff even if you're not snooping around the darker corners (and tubes) of the Internet. (Flash is used everywhere these days - e.g. YouTube basically runs on it.) Also, unlike some earlier exploits, disabling JavaScript in Acrobat (which you should do - it's turned on by default when Acrobat Reader is installed) does not provide protection against this malware.

What seems almost criminal about this is that Adobe has apparently known about this defect for seven months. However, the exploit that actually takes advantage of it is apparently much more recent. I guess they decided to wait until really bad stuff happened before actually fixing their software...

