Adobe Warns Of Flash Player Zero-Day Bug

Adobe released a security advisory late Monday warning users of a critical Flash Player vulnerability that is actively being used in zero-day attacks by malicious hackers.

The critical vulnerability occurs in Adobe Flash Player 10.1.82.76 as well as earlier versions for Windows, Mac, Linux, Solaris and Android. The bug also affects Adobe Reader 9.3.4 for Windows, Mac and UNIX, as well as Adobe Acrobat 9.3.4 and earlier versions for Windows and Mac.

Specifically, the flaw could allow attackers to crash users' computers and take control of the affected system, giving them access to accounts and the ability to steal financial and personally identifying information.

Attackers could trick users into downloading malicious code with an infected PDF or media file, usually through some kind of social engineering ploy.

Initial reports indicate that remote code execution attacks are actively exploiting the critical flaw in Flash Player for Windows, although no attacks have yet been detected against Reader or Acrobat.

"Keep an eye out for this one folks. It will take a bit for the anti-virus, IDS/IPS and other vendors to catch up and detect the malware that exploit the vulnerability. Although by that point the box affected may well be compromised as most detect after the exploit has already taken place," said Adrien de Beaupre, SANS Institute researcher, in a blog post Monday.

Thus far, there is no patch fixing the issue. However, Adobe said in its advisory that it was "finalizing a fix" for Flash Player, slated for release the week of Sept. 27, and one for Reader and Acrobat, scheduled for release the week of Oct. 4.

Security experts recommend that users look into workaround options to immediately reduce the risk of attack, given that an exploit is already in the wild and being used against vulnerable systems.

"Since the vendor has released the advisory after being notified that exploits are already occurring against Windows boxes, it is recommended to explore a workaround for mitigation, detection of already compromised hosts and cleanup," de Beaupre said.