Adobe POC in the Wild

Published: 2010-06-09
Last Updated: 2010-06-10 21:41:55 UTC
by Deborah Hale (Version: 1)
5 comment(s)

On June 5th Handler Guy posted a diary about a Security Advisory for Adobe products: http://isc.sans.edu/diary.html?date=2010-06-05

We have received notification that a proof of concept (POC) has been found in malware taken from the wild and that the issue is currently being exploited.
Adobe users, please patch before it is too late.

Thanks to our readers who brought this to our attention. 

Update: For more information see US-CERT Technical Cyber Security Alert TA10-159A. http://www.us-cert.gov/cas/techalerts/TA10-159A.html

Thanks to those of you who have pointed out that I made a mistake in the Diary. It appears that there is not a patch available; rather, there are currently just mitigation steps. It looks like the patch will be released for Flash Player soon and for Reader and Acrobat later in the month.

 

Deb Hale Long Lines, LLC

It appears that the Security Update has been released by Adobe. Thanks to Juha-Matti for providing this information.

http://www.adobe.com/support/security/bulletins/apsb10-14.html

Keywords: POC Adobe

Comments

For mitigation in Windows, Adobe recommends renaming authplay.dll

But US-CERT recommends renaming 2 files:
authplay.dll
rt3d.dll

??
They just posted a new Flash uninstaller as well....BUT.....the /S switch doesn't work anymore for silent mode....

Also tried /Q, /qn, and /silent....and a few others....but haven't figured it out yet..... ARGH!!
The post from US-CERT mentions that renaming/deleting rt3d.dll is just to display a user-friendly error message instead of having it crash.
The new silent switch for the Flash uninstaller is

-uninstall
the unattended/silent switch is now -install
