Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

PDF vulnerability exploited with Flash

DZone's Guide to

PDF vulnerability exploited with Flash

· Web Dev Zone
Free Resource

Start coding today to experience the powerful engine that drives data application’s development, brought to you in partnership with Qlik.

When Adobe released Acrobat 9 last year, the company introduced support for embedding Flash media in PDF files. This feature is now being used by attackers who are exploiting a new vulnerability in Adobe's Flash media plugin. The vulnerability allows remote code execution, making it a potential vector for malware deployment.

Adobe's security response team issued a statement on Wednesday, confirming the existence of a critical Flash vulnerability that is actively being exploited. The attacks are currently targeted against Acrobat Reader on the Windows platform. Adobe is working to address the problem and says that a fix will be ready by July 30.

As a temporary measure to eliminate the security risk, Adobe recommends disabling Flash support in Acrobat Reader by renaming or deleting the "authplay.dll" file. Doing so will cause Acrobat Reader to abort when it attempts to reads a Flash-enabled PDF.

The US Computer Emergency Readiness Team (US-CERT) has published a cybersecurity alert about the vulnerability and warns that it could potentially be exploited by malicious web sites in addition to PDFs. US-CERT echoes Adobe's recommendation to disable Flash in Acrobat, but also suggests disabling it in browsers too.

Security vendors McAfee and Symantec have both commented on the issue and provided some technical insight. According to Symantec, one known exploit of this vulnerability, which they have designated Trojan.Pidief.G, uses a heap spraying technique.

So until Abobe has released a fix you might want to be careful about which PDF’s you open or do as Adobe advises and rename your authplay.dll.

Create data driven applications in Qlik’s free and easy to use coding environment, brought to you in partnership with Qlik.

Topics:

Opinions expressed by DZone contributors are their own.

THE DZONE NEWSLETTER

Dev Resources & Solutions Straight to Your Inbox

Thanks for subscribing!

Awesome! Check your inbox to verify your email so you can start receiving the latest in tech news and resources.

X

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}