Adobe has posted Security Advisory APSA11-02 for Adobe Flash Player, Acrobat and Reader related to the Authplay.dll. The exploit was first reported publicly by http://krebsonsecurity.com/. The 0day is being used as part of a spear phishing campaign which includes a Microsoft Word document with the .SWF file embedded within it. At this time there is no attack specific to Mac OSX or iOS.
Users and Administrators should take the following action:
- Do not install Adobe products such as Reader or Flash on Mac OSX production servers.
- Use Preview.app for PDF files.
- Do not download files that are un-trusted via email.
- Disable Flash Player if you do not need it.
- Use No Script, Click to Flash or Flash Block to block Flash content.
- Run the Flash Player via a Script in /usr/share/sandbox or custom script using any of the following: /usr/bin/sand-exec or /usr/bin/sand_init() ** See man pages for specifics.
- Beware of any attachments from un-trusted sources.
- Do not add to the problem by forwarding an email from an un-trusted source.