Adobe Fixes Flash Zero-Day with Massive Security Update

From PC World: Adobe has been in the headlines for all the wrong reasons recently with new attacks exploiting flaws in Adobe Flash and Adobe Reader. Adobe has addressed the security vulnerabilities now with an immense update resolving a variety of serious issues.

It has been a very busy week for IT administrators and security professionals. Microsoft issued ten security bulletins addressing 34 vulnerabilities in its June Patch Tuesday, then followed with a security advisory for a newly unveiled zero-day flaw. Apple pushed out an update for the Safari Web browser that fixes 48 separate security vulnerabilities. And now, Adobe joins the party with its own huge security update.

"Adobe's Flash update today contains a staggering 32 bug fixes, eerily reminiscent of Apple's massive update. It's been a busy couple of weeks for overworked security teams everywhere," agrees Andrew Storms, director of security operations for nCircle, adding "It sure looks like Adobe is the new Microsoft--the place where security researchers love to find new bugs."

A Websense alert from May 29 explains that the Adobe Flash vulnerability is being exploited through drive-by downloads on many infected Web sites. "Websense ThreatSeeker has been tracking these malicious web sites and have discovered numerous reputable web sites that are now unwilling participants, infecting their very own visitors. These sites are from various industries such as government, education, healthcare, finance, media, and entertainment. This attack also attempts to exploit other popular vulnerabilities such as MDAC, RealPlayer, and various ActiveX controls."

Storms explains "It's pretty clear that Adobe has had the zero-day bug that got a lot of attention last week for a while. It might look like Adobe made heroic efforts to fix this bug in short order, but it's much more likely they have been working on the fix for a while and just finished the packaging and QA process."

View: Article @ Source Site