As the SANS Institute’s Internet Storm Center reported yesterday, there is another 0-day exploit actively being used in the wild. This last one exploits a vulnerability in Adobe Flash Player (versions 9 and 10) as well as Adobe Reader and Acrobat
9.1.2.
Most anti virus and intrusion detection systems do not yet detect this exploit which can be operated as a standalone Flash file or embedded in a PDF file.
Given that such malicious links have been injected in legitimate websites, drive-by attacks can be expected.
So, be careful out there.
Hopefully we’ll see both updated signatures soon. Adobe has announced that updated versions of Flash Player v9 and v10 by July 30, 2009 and an update for Adobe Reader and Acrobat v9.1.2 by July 31, 2009.
