• Adobe Flash 0day shows a Chinese connection

    • This topic has 9 replies, 3 voices, and was last updated 14 years ago by rc primak.
    Author
    Topic
    #57038

    Could the new Flash 0day be yet another product of the rumored Chinese government spearphishing factory? Hard to say. Here’s the facts, in my InfoWorl
    [See the full post at: Adobe Flash 0day shows a Chinese connection]

    • #57039

      Just got an email from Adobe telling me to upgrade Adobe Reader. Coincidence?

    • #57040

      @Bob

      The Reader 0day is different from the Flash 0day… Oy.

    • #57041

      Hi Woody,

      Thanks for sharing this fascinating tale! Although I loathe this sort of thing, I’m finding it very difficult to not admire how slick this particular attack seems to be.

    • #57042

      That “Adobe update” email was a fake! It came from a spoofed url, and really was a phishing attempt. None of the links to download the update worked — fortunately. The email actually said “Adobe Acrobat Reader”, which was also a clue that it was a fake. It was diverted (correctly as it turns out) into my Yahoo Spam Folder.

      But thanks for the heads-up that Adobe will eventually issue patches for Flash Player and Reader. Nothing from Secunia PSI about any real Adobe updates yet.

      But there’s a boatload of .NET, Powerpoint Viewer, Visual C++ Runtime and IE8 patches this month — all of which I have “on hold” until you give us the word about which ones (if any) will cause headaches this time around.

    • #57043

      @rc primak, Woody & others: Adobe has recently released a new version of Flash Player 10.2 to address the recent security problems on Adobe security bulletin APSB11-07.

      As for Adobe Reader, patches for Adobe Reader 9.x & Acrobat 9.x (and Acrobat X) will be available near the end of April. For those using Adobe Reader X (v10), wait until June 14 for updates on Reader X since Adobe Reader X Protected Mode prevents certain 0day security flaws from occurring.

    • #57044

      Thanks EP for the clarification. My Windows 7 laptop and its Chrome browser update themselves for Flash Player automatically. I use Adobe Reader X on that laptop, so I guess I’ll have to wait awhile for that update. The fake email was a bit confusing.

    • #57045

      Update — I just got the Flash Player updates for IE8 and Chrome.

      Adobe Reader 10.0.1 has not gotten any updates as of today.

    • #57046

      @rc primak: you don’t need to worry about updating Adobe Reader X right now as its “memory protection” feature is on by default, which prevents some zero-day vulnerabilities from happening, as I mentioned earlier.

      Make sure you eliminate the “fake Adobe update” email right away from your computer.

      Though I’m now beta testing Adobe Flash Player 10.3 RC. Flash 10.3 (not yet final release but it will soon) is included in the nightly builds of Google Chrome 12.

    • #57047

      @EP

      Short of using beta versions of Flash or Reader, I have kept up with the issues you raise. Thanks again for reminding readers of the extra sandboxing and security built into Reader X.

      And yes, I got rid of that fake Adobe email as soon as I determined it was a fake. I never downloaded it onto my computer, but I was working with it in Yahoo Web Mail through my Chrome browser (which cleans itself with the ClickNClean Extension upon each closing of the browser window).

      By the way, I had my first online encounter with the LizaMoon Trojan Horse last night. Chrome contained it and CCleaner removed the leftovers. Real AV scans were clean. Chrome even showed the first popup window with a title bar which was the real filename of the intruder. Very useful! And very impressive sandboxing and security on the part of Chrome.
