Adobe recently cautioned users about a critical vulnerability in Flash Player which, if exploited, could allow attackers to gain complete control of a computer system.
(prHWY.com) April 12, 2011 - Albuquerque, NM, United States - In yet another security advisory, Adobe recently alerted users to a new critical Flash Player vulnerability. The security flaw allows an attacker to gain complete control of the compromised computer system, and it is reported to be exploited in the wild. Attackers embedded a Flash (.swf) file in a Microsoft Word document and sent the document as an e-mail attachment to users, targeting the Windows platform. When unwary users download the attachment, the malicious code is executed and their computer systems are compromised. The vulnerability affects Flash Player 10.2.153.1 and prior versions for Windows, Macintosh, Solaris and Linux operating systems. In the case of Chrome, Flash Player 10.2.154.25 and prior versions are affected by the vulnerability. Flash Player 10.2.156.12 and prior versions on the Android platform are also exposed to the identified vulnerability.
The critical security flaw also affects the Authplay.dll component shipped with Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems. Adobe has not issued any patch to mitigate the vulnerability.
The security advisory assures users that the Protected Mode of Adobe Reader X prevents execution of the exploit for the identified vulnerability. Last month, Adobe mitigated a vulnerability that could have allowed an attacker to embed a Flash (.swf) file in a Microsoft Excel file and deliver it to targeted users as an e-mail attachment. Cybercriminals are active in identifying and exploiting vulnerabilities. IT professionals are required to constantly upgrade their technical skills through e-learning and online technology degree courses to combat sophisticated cyber threats.
Usually, security professionals affiliated with developers evaluate and identify weaknesses in software products. In this case, the vulnerability was first reported by independent security researcher Mila Parkour in his blog. According to the researcher, the e-mail comes with a Word document on industrial and competition policy in China. The e-mail is well crafted and claims to be the latest issue of the American Bar Association's (ABA) Antitrust Source, encouraging recipients to open the file. Antitrust Source is issued bimonthly by the ABA and focuses on issues related to antitrust and consumer protection. Internet users are more likely to fall prey to the trap because the February issue of the ABA's online journal features an article with the same title and by the same authors as referred to in the malicious e-mail. Hiring professionals qualified with an IT master's degree and in secure programming and penetration testing could help developers to evaluate the strength of their software products and improve their security features.
Developers must emphasize creating awareness among users of different types of online threats, cyber security guidelines, phishing scams, security solutions and patch management through blogs, e-tutorials and online computer degree programs. Internet users must avoid downloading e-mail attachments received from unknown sources. They must directly visit the relevant legitimate websites by typing the web address in the browser to download publications, software, security solutions and other products. They must also scan documents received from legitimate sources before downloading them. Users must adhere to the security advisories issued by developers and install the necessary updates to safeguard their systems from malicious threats.
EC-Council University is based in Albuquerque, New Mexico, and offers a Master of Security Science (MSS) degree to students from various backgrounds, such as graduates, IT professionals and military students, amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students not only from the United States but from all around the world.
EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/Licensed Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.
EC-Council has trained over 80,000 individuals and certified more than 30,000 members through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies, including the U.S. federal government via the Montgomery GI Bill, the Department of Defense via DoD 8570.01-M, the National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.