In yet another security advisory, Adobe recently alerted users to a new critical Flash Player vulnerability. The security flaw allows an attacker to gain complete control of the compromised computer system and is reported to be exploited in the wild. Attackers embedded a Flash (.swf) file in a Microsoft Word document and sent the document as an e-mail attachment to users, targeting the Windows platform. When unwary users download the attachment, the malicious code is executed and computer systems are compromised. The vulnerability affects Flash Player 10.2.153.1 and prior versions for Windows, Macintosh, Solaris and Linux operating systems. In the case of Chrome, Flash Player 10.2.154.25 and prior versions are affected by the vulnerability. Flash Player 10.2.156.12 and prior versions on the Android platform are also exposed to the identified vulnerability.
The critical security flaw also affects the Authplay.dll component shipped with Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems. Adobe has not issued any patch to mitigate the vulnerability.
The security advisory assures users that the Protected Mode of Adobe Reader X prevents execution of the exploit for the identified vulnerability. Last month, Adobe mitigated a vulnerability that could have allowed an attacker to embed a Flash (.swf) file in a Microsoft Excel file and deliver it to targeted users as an e-mail attachment. Cybercriminals are active in identifying and exploiting vulnerabilities. IT professionals are required to constantly upgrade their technical skills through e-learning and online technology degree courses to combat sophisticated cyber threats.
Usually, security professionals affiliated with developers evaluate and identify weaknesses in software products.
In this case, the vulnerability was first reported by an independent security researcher, Mila Parkour, in his blog. According to the researcher, the e-mail comes with a Word document on industrial and competition policy in China. The e-mail is well crafted and claims to be the latest issue of the American Bar Association's (ABA) Antitrust Source, encouraging recipients to open the file. Antitrust Source is issued bimonthly by the ABA and focuses on issues related to antitrust and consumer protection. Internet users are more likely to fall prey to the trap because the February issue of the ABA's online journal features an article with the same title, authored by the same authors as referred to in the malicious e-mail. Hiring professionals qualified in IT master's degrees, secure programming and penetration testing could help developers to evaluate the strength of the software products and improve their security features.
Developers must emphasize creating awareness among users of different types of online threats, cyber security guidelines, phishing scams, security solutions and patch management through blogs, e-tutorials and online computer degree programs. Internet users must avoid downloading e-mail attachments received from unknown sources. They must directly visit the relevant legitimate websites by typing the web address in the browser to download publications, software, security solutions and other products. They must also scan documents received from legitimate sources before downloading them. Users must adhere to the security advisories issued by developers and install the necessary updates to safeguard their systems from malicious threats.
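As an illustration of the document scanning recommended above, the following added example (not code from Adobe or from the researcher's report) flags Flash movies embedded in a document's raw bytes by validating the 8-byte SWF header: signature `FWS` or `CWS`, a version byte, and a little-endian length. The function names, the version ceiling and the sample container are assumptions constructed for the example.

```python
import struct
import zlib

SWF_SIGNATURES = {b"FWS": "uncompressed", b"CWS": "zlib-compressed"}
MAX_SWF_VERSION = 50  # assumption: generous upper bound on the version byte

def _plausible(blob, pos, sig):
    """Validate the 8-byte SWF header at pos: signature, version, uint32 length."""
    header = blob[pos:pos + 8]
    if len(header) < 8:
        return None
    version = header[3]
    declared = struct.unpack("<I", header[4:8])[0]
    if not 1 <= version <= MAX_SWF_VERSION or declared <= 8:
        return None
    if sig == b"FWS":
        # An uncompressed movie must fit inside the container.
        if declared > len(blob) - pos:
            return None
    else:
        # CWS: the bytes after the header must start a valid zlib stream.
        try:
            if not zlib.decompressobj().decompress(blob[pos + 8:pos + 4104], 64):
                return None
        except zlib.error:
            return None
    return {"offset": pos, "kind": SWF_SIGNATURES[sig],
            "version": version, "declared_length": declared}

def find_embedded_swf(blob):
    """Return every plausible embedded SWF header in blob, ordered by offset."""
    hits = []
    for sig in SWF_SIGNATURES:
        pos = blob.find(sig)
        while pos != -1:
            hit = _plausible(blob, pos, sig)
            if hit:
                hits.append(hit)
            pos = blob.find(sig, pos + 1)
    return sorted(hits, key=lambda h: h["offset"])

def build_sample():
    """Constructed container: OLE2 magic, a text decoy, two fake movies."""
    body = b"\x00" * 32
    fws = b"FWS" + bytes([10]) + struct.pack("<I", 8 + len(body)) + body
    cws = b"CWS" + bytes([9]) + struct.pack("<I", 8 + len(body)) + zlib.compress(body)
    return (bytes.fromhex("d0cf11e0a1b11ae1") + b"see FWS spec, CWS notes "
            + fws + b"\xff" * 16 + cws)
```

A hit means only that the attachment carries Flash content and deserves closer inspection, not that it is malicious. ZIP-based Office formats (.docx, .xlsx) store their parts compressed, so they must be unpacked before their contents are scanned this way.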