Adobe security

New Adobe Flash Bug Being Exploited

On the same day that it plans to release a patch for a critical flaw in Shockwave, Adobe confirmed on Thursday morning that there is a newly discovered bug in Flash that is already being actively exploited in attacks against Reader. The vulnerability affects Flash on all of the relevant platforms, including Android, as well as Reader on Windows and Mac, and won’t be patched for nearly two weeks.

As users await the Oct. 4 release of a patch for the CoolType.dll vulnerability in Adobe Reader, a software and security company has published an unofficial patch for the bug that essentially replaces the vulnerable DLL with a patched one.

If there was still any question that Adobe’s products have emerged as the prime targets for attackers right now, the events of the last week have removed any doubt. Within the space of six days, Adobe has been forced to release separate warnings about attacks targeting unpatched flaws in both its Reader and Flash Player products.

Although Adobe doesn’t have a patch ready yet for the newly disclosed vulnerability in the company’s Reader application, Adobe and Microsoft security officials said that Microsoft’s recently released Enhanced Mitigation Environment Toolkit 2.0 can protect users against the exploit that is currently circulating.

Attackers are using a previously unknown exploitation technique that bypasses both ASLR and DEP to exploit the unpatched Adobe Reader bug that Adobe warned users about on Wednesday. The exploit works on machines running either Windows Vista or Windows 7 and is also dropping a file on compromised machines that is signed using a stolen, valid digital certificate.
