Exploits remain few in number, but Rossi expected them to ramp up quickly. "We're seeing very limited exploitation so far, which is pretty typical. PDF attacks tend to start out as targeted e-mail attacks, with an [poisoned] attachment, directed at specific people." After the exploit gains access to the PC -- all in-the-wild attacks seen so far target Windows machines -- it "phones home" to a Web site, Rossi said, to download a Trojan onto the compromised system.
Purewire's Royal noticed that the flaw in Flash was first logged into Adobe's bug-tracking database Dec. 31, 20008, but the current exploit code appears to have been crafted much more recently, on July 9. It's possible that attacks have been in circulation since then. "The bug has apparently existed since December 2008," Royal said.
Although Adobe blocked access to the bug's page for several hours Wednesday night, it reopened the page by about 1 a.m. Eastern today. As Royal reported, the "Created" date for the bug was listed as "12/31/08" on the Adobe Flash Player Bug and Issue Management System.
Adobe has been under the security microscope this week. On Monday, Danish bug tracker Secunia noticed that Adobe continues to provide an outdated edition of Reader for download from its Web site, a practice Adobe originally defended as necessary to produce patches quickly. Tuesday, however, Adobe said it was reevaluating Reader's updating process to close the exploit window.