Gladiator Research and Security

GSA Reference Number: AD100607-01

Simply Put: Adobe has released an advisory for a critical vulnerability in Adobe Flash.  Adobe Reader and Acrobat are also exploitable through the authplay.dll component included with Adobe Reader and Acrobat 9.x.  This vulnerability can lead to remote code execution and are already the target of malware authors.  No patch is available at this time.  However, Adobe has provided workarounds in its advisory.

GSA Reference Number: AD091209-01

Simply Put: Adobe has released a critical patch to address seven security vulnerabilities regarding its Flash Player and Adobe Air products. Flash is used on most websites for active content, such as animated or interactive menus and images, and movies.  Adobe Air allows users to run active web content outside of a browser.  These vulnerabilities have been rated Critical and could lead to remote code execution or information disclosure.  Flash versions older than 10.0.42.34 and Air versions older than 1.5.3 are affected by these issues.  Gladiator recommends that these patches are applied to all workstations as soon as possible. Users running Flash Player 9 should upgrade to version 10 at this time.

GSA Reference Number: AD080528-01

Simply Put: Adobe’s Flash Player has a new, zero-day vulnerability. Zero-day means the attack is being actively exploited on the internet and there is not a patch available. Adobe Flash Player is used to display flash files (.swf) in web pages – these files are normally seen as movies or animations. The vulnerability can be used to run malicious code on a user’s machine without notification or permission. Gladiator feels this issue is extremely critical.