Here We Go Again – Yet Another Flash 0-day Vulnerability Emerges

This is sort of a clumsily written article, but it’s still important information, none the less …

Flash player users, which is the majority of Internet users, do not come to rest in past years. There is seldom a month passing by without another Flash vulnerability. Adobe today released a security advisory warning for all Flash users that describes a critical security vulnerability in the popular software.

Affected are more or less all Flash users. This includes Flash installations on Windows, Mac and Linux, the built-in Flash Player of the Google Chrome browser, Flash on Android and Flash in Adobe Reader and Acrobat.

  • Flash Player 10.2.153.1 and earlier versions on Windows, Mac, Linux, Solaris
  • Adobe Flash Player 10.2.154.25 and earlier for Chrome
  • Adobe Flash Player 10.2.156.12 and earlier versions for Android
  • Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems

Adobe confirmed reports that the vulnerability is actively exploited. The vulnerability uses embedded Flash files in Microsoft Word documents to exploit the issue. According to Adobe’s information those are delivered as email attachments and targeting the Windows platform.

Adobe Reader and Acrobat do not appear to be targeted right now. Adobe Reader X users are protected from this exploit by the program’s Protected Mode.

Adobe is currently finalizing a schedule for delivering updates for all affected versions of Flash Player except for Adobe Reader X which will receive the update on the next quarterly security update on June 14, 2011.

How can users protect their system from these kind of attacks? You should be cautious when you receive document attachments, especially if they come from unknown senders. Probably the best option in this case is to save those attachments to the computer, and open them in an online viewer such as Google Docs.

You could alternatively use a third party document viewer that does not support Flash, but the safest bet is an online viewer.

Interested users find additional information about the newly discovered Flash vulnerability at the Adobe Security Buletin.


© Martin Brinkmann for gHacks Technology News | Latest Tech News, Software And Tutorials, 2011. | Permalink | Add to del.icio.us, digg, facebook, reddit, twitter
Post tags: , , , , ,

Link to Original Content

Tags: , , , , ,

Comments are closed.