Adobe has officially answered the zero-alert discovered back in June, 2010 that opened Flash Player users up to malicious attacks. Zero-alerts describe a vulnerability detected unbeknownst to the developer, giving him or her zero chance to find a fix or antidote.
Adobe fixes critical security flaw found in Flash Player 10.2.152.33 and previous versions (Flash Player 10.2.154.18 and previous versions for Chrome users) for Windows, OS X and, Linux, and on Android, the mobile platform. A week prior, Google released a new version of Flash Player along with a Chrome update.
According to an Adobe Security Advisory released back in June 2010, the vulnerability could trigger a system crash and give an attacker control of its victim's PC.
Cyber criminals have been working tirelessly to find loopholes and vulnerabilities in hardware and legitimate software, to aid in their deceit and plan to scam PC users out of their money and gain control of victims' digital asset (PCs).
Was the Update Due to a Malicious Attack?
At the time of discovery, Adobe did not feel Adobe Reader and Acrobat were specifically being targeted by scammers. However, the software maker plans to consider a prevention technique known as sandboxing in its next Adobe Reader quarterly update. Sandboxing has been successfully used in Adobe Reader X Protected mode to prevent exploits such as the zero-alert discovered in June, 2010 could have potentially ignited.
Fixes to an associated critical vulnerability found in the authplay.dll component used in Adobe Reader and Acrobat X (10.0.), and earlier versions of Windows and Mac OS were also released under a separate bulletin.
Adobe advises users of Adobe Reader v.9.4.3 to upgrade to v.9.4.2 for Windows and Macintosh. Also, Adobe users of Acrobat X v.10.0.1 for Windows and Macintosh should upgrade to Adobe Acrobat X v.10.0.2.
How Can I Protect Myself?
The bottom line is PC users are going to have to be extremely cautious when opening up attached files from either known or unknown sources, since scammers are hijacking persons' accounts. PC users should also be wary of slick salesmen, i.e. interfaces or pop-ups out of nowhere, promising goodwill to your PC in the form of upgrades or security protection, when in fact, they are most often the intruder and your real problem.
If you encounter a malicious system attack, please counter with a legitimate anti-malware solution and make sure to post your experience here on this blog, to help protect and alert other would-be-victims.
Nobody wants to see cyber criminals benefit from a hardware or software vulnerability, or just plain ole innocent human behavior. Sometimes we humans simply don't think it will happen to us and don't invest in preventative measures until it is too late.