Gladiator Research and Security

GSA Reference Number: AD110412-01

Simply Put: Adobe has released a new security advisory regarding a critical vulnerability in Adobe Flash Player, Reader, and Acrobat.  The vulnerability could cause the programs to crash and possibly allow remote code execution.  These vulnerabilities are reportedly being exploited by malware authors at this time.  The attacks are being delivered in Word documents as email attachments.  No patch is available at this time.  Gladiator recommends that institutions inform their users of this threat and tell them not to open any Word document attachments without checking with their information security officer.

GSA Reference Number: AD110208-01

Simply Put: Adobe has released an update for Adobe Reader versions 9.4.2 and 10.0.1.  These latest versions address serious vulnerabilities and added security enhancements.

GSA Reference Number: AD101117-01

Simply Put: Adobe has released an update for Adobe Acrobat and Reader versions 9.4 and earlier. This update fixes a publicly disclosed vulnerability that is currently being used to attack systems on the Internet.  This is a critical issue, and the patch should be applied as soon as possible.

GSA Reference Number: AD101105-01

Simply Put: Multiple Adobe products are vulnerable to some new high-risk remote code execution issues.  First off, Adobe Flash Player versions earlier than 10.1.85.3 have critical vulnerabilities that can be exploited by an attacker to take control of affected systems.  Adobe has released an update for Flash.  Second, Adobe Acrobat and Reader versions 9.4 and earlier are vulnerable to a similar issue because they implement Flash features through an authplay.dll file that can be called from a PDF.  Finally, Adobe Shockwave Player is vulnerable to attack through a remote code execution issue, as well.  There are no patches available for the Adobe Acrobat, Reader or Shockwave Player vulnerabilities.

GSA Reference Number: AD100630-01
Related GSA Reference Number: AD100607-01

Simply Put: Adobe has released a patch for the previously reported critical remote-code-execution vulnerability in Adobe Reader and Acrobat.  This patch addresses additional issues as well.  Adobe Reader and Acrobat versions 9.3.2 and earlier should upgrade.

GSA Reference Number: AD100607-01

Simply Put: Adobe has released an advisory for a critical vulnerability in Adobe Flash.  Adobe Reader and Acrobat are also exploitable through the authplay.dll component included with Adobe Reader and Acrobat 9.x.  This vulnerability can lead to remote code execution and are already the target of malware authors.  No patch is available at this time.  However, Adobe has provided workarounds in its advisory.

GSA Reference Number: AD090513-01

Simply Put: Adobe has released a patch for the critical vulnerability affecting its Acrobat products.  This vulnerability was previously discussed in Gladiator Advisory AD090430-01 on April 30th, stating that all versions of Adobe Reader and Adobe Acrobat, on all operating systems, are affected by a Critical JavaScript Vulnerability.