What has been found?
Two new vulnerabilities in Adobe’s ubiquitous Flash Player have been discovered and can allegedly be used to achieve remote arbitrary code execution. Essentially, these vulnerabilities could allow someone to remotely seize control of a PC without the consent of the owner.
Who discovered these exploits?
The exploits were discovered by a Russian vulnerability research firm called Intevydis. They have created a popular application called Vulndisco, designed to test the robustness of programs against exploits. The process, known as “penetration-testing”, is an excellent way of finding software vulnerabilities and security holes.
Interestingly, Intevydis has refused to give Adobe the details of the vulnerabilities. Last year Evgeny Legerov, the founder and CEO of Intevydis, declared that the firm would no longer inform software vendors of vulnerabilities it discovers.
How can I stay protected?
While Adobe is yet to comment on these latest zero-day exploits, they are actively working to resolve vulnerabilities as soon as they are aware of them. Next week should see the release of a patch to fix some previously discovered security holes in Adobe Reader.
To be as well protected as possible, make sure that you have automatic updates enabled for any software you are running (including your OS). Most programs will have this enabled by default.
As always, ensure that you have security software installed so that you have the best possible chance of thwarting a problem or intruder before any damage is caused.