updated 07:25 am EDT, Tue March 15, 2011
Patch inbound for affected platform, eventually
Adobe has published another security advisory after the discovery of a “critical vulnerability” in Adobe Flash Player 10.2.152.33 and earlier versions across all major platforms, including Windows, Macintosh, Linux, Solaris and Android mobile devices. According to Adobe, the zero-day exploit is being deployed in the wild in “targeted attacks” through a Flash (.swf) file embedded in a Microsoft Excel file delivered as an email attachment. Adobe reports that it is “finalizing a fix for the issue,” but does not expect to have the hole patched until the “week of March 21.”
Adobe explains that the exploit can cause a system crash, after which the attacker can take control of the compromised system remotely. In the meantime, users should exercise extreme caution when receiving emails with any type of Flash file embedded within them. Given the popularity of the Flash platform, it would seem that this could be a somewhat difficult situation to manage.
Unlike Android devices, Apple’s iOS devices continue to eschew Flash, and are among the few devices immune to this latest security flaw. Apple also recently took the step of removing Flash as a standard install on some of its notebook lines. Steve Jobs has been publicly critical of security vulnerabilities in Flash as well as stability issues with the plug-in. He has also been critical of the length of time that Adobe has taken to issue patches to correct these types of issues. [via Yahoo!]