Adobe Zero-Day Attack on DC-Based Organizations

On June 4, 2010, Adobe announced a critical vulnerability with Adobe Flash Player, Adobe Reader and Acrobat that could allow attackers to take control of the affected system. While Adobe is working to release a fix, the vulnerability is being actively exploited in what are known as Zero-Day attacks. 

Since then, a series of Advanced Persistent Threat (APT) attacks have been launched against corporate employees in the form of emails that contain malicious links to sites that use this vulnerability. As of last night, a Washington DC Based Information Security media company has obtained information that a number of corporate employees had received such emails and many of them had clicked on the links causing their machines to be compromised.

SecurityOrb, LLC is asking everyone to take extra caution and validate the sender on all emails before opening them. All externals emails should be scrutinized closely before opening any attachment or clicking any links. has also obtain information many of these organizations are blocking all Flash downloads from the Internet. This means that users will not be able to view Flash videos/animation in certain web sites they visit. Adrian Williams of stated, “We do not know how long it will take Adobe to come up with a fix, but it is very important for organizations to implement the proper security controls until the matter has been resolved.”

If you have a business critical need to access Flash video in a specific business-related web site, please contact our Service Desk or Internet Service Provider with the site information and business justification and they may be willing to have it white-listed (allowed) for you to access it.

Please continue to be vigilant and never assume you are protected. Visit for additional tips on how you can be secure.


1 reply
  1. kellepc
    kellepc says:

    Researchers from WebSense are reporting on three currently active malware campaigns, attempting to trick end users into opening malicious HTML files, or automatically exploiting vulnerable PCs relying on the recent Adobe zero day flaw (CVE-2010-1297).


    Adobe has been in the headlines for all the wrong reasons recently with new attacks exploiting flaws in Adobe Flash and Adobe Reader. Adobe has addressed the security vulnerabilities now with an immense update resolving a variety of serious issues.



Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.