An Adobe Flash vulnerability that was fixed this week is being leveraged in targeted drive-by downloads and spear phishing attacks, according to the Shadowserver Foundation.
Researchers at the all-volunteer security intelligence group first learned of the exploits on June 9, five days before Adobe issued a patch for the flaw (in addition to updates for bugs in other products, including Reader, Acrobat and Shockwave Player).
Adobe is planning to release updates for Adobe Reader X (10.0.1) and earlier versions for Windows, Adobe Reader X (10.0.3) and earlier versions for Macintosh, and Adobe Acrobat X (10.0.3) and earlier versions for Windows and Macintosh to resolve critical security issues. Adobe expects to make these updates available on Tuesday, June 14, 2011.
We recently had the chance at the Hack in the Box 2011 security conference in Amsterdam to speak about PDF malware with security researcher Didier Stevens. But Mr. Steve Adegbite, a senior security strategist at Adobe Systems, was also on site to speak on a much awaited panel, so we took the opportunity to learn his opinion on the matter too.
