Adobe has released security advisory APSA11-02 to alert users of a vulnerability affecting the following Adobe products:
- Flash Player 10.2.153.1 and earlier versions for Windows, Macintosh, Linux, and Solaris
- Flash Player…
Read more at: US-CERT Current Activity
Adobe has released security advisory APSA11-02 to alert users of a vulnerability affecting the following Adobe products:
- Flash Player 10.2.153.1 and earlier versions for Windows, Macintosh, Linux, and Solaris
- Flash Player 10.2.154.25 and earlier versions for Chrome
- Flash Player 10.2.156.12 and earlier versions for Android
- the Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh.
Exploitation of this vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition.
The Adobe advisory indicates that this vulnerability is currently being exploited in targeted attacks via a Flash (.swf) file embedded in a Microsoft Word (.doc) file delivered as an email attachment. However, the method of attack can change at any time.
At this time, Adobe has not released a fix to mitigate this vulnerability. US-CERT encourages users and administrators to do the following to help mitigate the risks until a fix becomes available:
- Review Adobe security advisory APSA11-02.
- Exercise caution when opening unsolicited email attachments.
- Refer to the Using Caution with Email Attachments Cyber Security Tip for more information on safely handling email attachments.
Additional information can be found in US-CERT Vulnerability Note VU#230057. US-CERT will provide additional details as they becomes available.
Read more at: US-CERT Current Activity