Tuesday, May 17, 2011

Adobe Sends Immediate Updates to Acrobat and Reader in Wake of Flash Zero-Day

Yet again, Adobe has moved quickly to announce software updates for the zero-day vulnerability in Adobe Flash. Adobe had already provided an updated version of Adobe Flash; with today's updates, it is carrying that upgraded Flash code into upgraded versions of Acrobat and Reader. Both products include and depend on Flash components, which made them vulnerable to some extent as well. The latest update deals with that exposure.
Adobe announced these updates earlier than experts had speculated, which is believed to be a very abrupt response to the new exploits in the wild. According to the Adobe security advisory: "There are reports that this vulnerability is being actively exploited in the wild against both Adobe Flash Player, and Adobe Reader and Acrobat, as well as via a Flash (.swf) file embedded in a Microsoft Word (.doc) or Microsoft Excel (.xls) file delivered as an email attachment targeting the Windows platform."

In a recent post on his blog, Qualys CTO Wolfgang Kandek elaborates on the degree of threat raised by the malicious Word document, which is attached to an email and given a believable, ordinary name in order to tempt users into opening it. Right after that, the 'user' becomes a 'victim': the Flash zero-day vulnerability is exploited and results in the involuntary installation of a remote control agent. A second Word file, which has the real content, is then opened. The most ridiculous and harmful fact is that all of this happens too quickly to even notice.
The blogger identified two similarities between the back-to-back zero-day flaws in Flash, which are seemingly closely related to each other. It has been proposed that Adobe may have hurried the released patch so much that it missed some key element of the vulnerability. However, upon inquiry, the Adobe spokesperson was very consistent in maintaining that these two Flash vulnerabilities were not linked at all. He went on to explain his stance: "The two vulnerabilities existed in entirely different parts of the code and different ActionScript Virtual Machines (AVMs)."
Regardless of the hassle caused by the identification of this vulnerability, Adobe will still launch its typical quarterly update cycle in June to update the Windows version of Adobe Reader X, according to the routine. Adobe has reassured its entire consumer base that the 'Protected Mode sandbox security' integrated in Reader X for Windows totally prevents the exploit from executing, in any condition.
