Printed from http://www.electronista.com

Adobe Flash suffers from 'critical' new zero-day hack

updated 07:25 am EDT, Tue March 15, 2011

Patch inbound for affected platform, eventually

Adobe has published another security advisory after the discovery of a "critical vulnerability" in Adobe Flash Player 10.2.152.33 and earlier versions across all major platforms including Windows, Macintosh, Linux, Solaris and Android mobile devices. According to Adobe, the Zero-Day exploit is being deployed in the wild in "targeted attacks" through a Flash (.swf) file embedded in a Microsoft Excel file delivered as an email attachment. Adobe reports that it is "finalizing a fix for the issue," but does not expect to have the hole patched until the "week of March 21."

Adobe explains that the exploit can cause a system crash followed by the attacker taking control of compromised systems remotely. In the meantime, users should exercise extreme caution when receiving emails with any type of Flash file embedded within them. Given the popularity of the Flash platform, it would seem that this could be a somewhat difficult situation to manage.
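Until a patch ships, a mail gateway or analyst can at least flag legacy Office attachments that carry a Flash object. The following is an added example, not code from Adobe's advisory or from Electronista: a heuristic scan of raw attachment bytes for SWF headers inside an OLE2 container. The function names, the version bound and the sample bytes are assumptions constructed for illustration.

```python
import struct
import zlib

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .xls/.doc compound-file header
SWF_MAGICS = (b"FWS", b"CWS")  # uncompressed / zlib-compressed SWF signatures
MAX_SWF_VERSION = 50  # assumption: sanity bound used to reject random text matches


def find_embedded_swf(data: bytes):
    """Return (offset, signature, version, declared_length) for plausible SWF headers."""
    hits = []
    for magic in SWF_MAGICS:
        pos = data.find(magic)
        while pos != -1:
            header = data[pos:pos + 9]
            if len(header) == 9:
                # SWF header: 3-byte signature, 1-byte version, 4-byte LE length.
                version = header[3]
                (length,) = struct.unpack("<I", header[4:8])
                plausible = 1 <= version <= MAX_SWF_VERSION and length > 8
                # A CWS body is a zlib stream; 0x78 is the usual first byte (32 KiB window).
                if magic == b"CWS" and header[8] != 0x78:
                    plausible = False
                if plausible:
                    hits.append((pos, magic.decode(), version, length))
            pos = data.find(magic, pos + 1)
    return sorted(hits)


def triage_attachment(data: bytes):
    """Flag an OLE2 attachment that carries at least one plausible SWF header."""
    hits = find_embedded_swf(data)
    is_ole = data.startswith(OLE_MAGIC)
    return {"ole_container": is_ole, "swf_hits": hits, "quarantine": is_ole and bool(hits)}


def build_constructed_sample() -> bytes:
    """Constructed test input: fake OLE header, a text decoy, and two tiny SWF stubs."""
    body = b"\x00" * 16
    size = struct.pack("<I", 8 + len(body))
    fws = b"FWS" + bytes([10]) + size + body
    cws = b"CWS" + bytes([10]) + size + zlib.compress(body)
    return OLE_MAGIC.ljust(512, b"\x00") + b"FWSheet1" + fws + b"\x00" * 32 + cws


if __name__ == "__main__":
    print(triage_attachment(build_constructed_sample()))
```

A raw byte scan like this only sees objects stored uncompressed, as in the legacy binary formats; ZIP-based .xlsx files have to be unpacked first, and a hit is a reason to quarantine and inspect, not proof of an exploit.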

Unlike Android devices, Apple's iOS devices continue to eschew Flash, and are among the few devices immune from this latest security flaw. Apple also recently took the step of removing Flash as a standard install on some of its notebook lines. Steve Jobs has been publicly critical of security vulnerabilities in Flash as well as stability issues with the plug-in. He has also been critical of the length of time that Adobe has taken to issue patches to correct these types of issues. [via Yahoo!]



By Electronista Staff

Comments

  1. pairof9s

    Mac Enthusiast

    Joined: Jan 2008

    +8

    Well...

    When you're a company that doesn't really develop programs but instead buys them, then it's obvious you're going to have difficulties fixing and ensuring the software. That's Adobe.


  1. Blairmc

    Fresh-Faced Recruit

    Joined: Sep 2003

    +8

    I'm sad

    I'm sad that a company that I rely on to make a living (PS & Illustrator), software that I love for what it helps me make, can on the other hand be so lazy, monopolistic and downright underhanded with regards to Flash.


    Get with the program and dump Flash as it belongs in the 90s

  1. kerryb

    Fresh-Faced Recruit

    Joined: Aug 2001

    +8

    monopolistic = lazy

    Monopolies do nobody good but those that own the monopoly. Microsoft advanced like a glacier on a chilly day in the 90's when it had just about wrapped up the tech world with its browser and desktop monopoly. The only good thing that happens to monopolies is they usually collapse under their own weight. Adobe may be showing signs of this with its failure to see beyond Flash into more modern technologies which will be used in the post-PC era. Adobe may be becoming a mini Microsoft, its best days behind it.

  1. NeXTLoop

    Senior User

    Joined: Aug 2002

    +9

    That's it...

    Flash has been removed from my MBP...and will never return. I'm sick and tired of a company that is so irresponsible as Adobe when it comes to security. Even MS has a better track record than this.

  1. boris_cleto

    Fresh-Faced Recruit

    Joined: Sep 2002

    +6

    And here I thought

    Flash was a zero-day hack.

  1. testudo

    Forum Regular

    Joined: Aug 2001

    -2

    Re: That's it...

    Flash has been removed from my MBP...and will never return. I'm sick and tired of a company that is so irresponsible as Adobe when it comes to security. Even MS has a better track record than this.

    Irresponsible how? That there was a bug in their software? Guess what, all programs have bugs. Many bugs can be hijacked. They're working on a fix.

    And note that it's a 'zero-day' exploit because hackers found it and exploited it before any white-hats did. Which is always a concern with any platform (and why you can't say "Well, no one has released a virus for the Mac" when they could have, you just haven't heard about it).

    And while it attacks Flash, it really is just a trojan. It requires social-engineering to get people to open up the Excel file. Not exactly the best delivery method. But, h***, if it lets you all rail against Flash once again, just ignore the details, that's fine.

  1. testudo

    Forum Regular

    Joined: Aug 2001

    -3

    Oh

    Unlike Android devices, Apple's iOS devices continue to eschew Flash, and are among the few devices immune from this latest security flaw.

    How many devices are ACTUALLY affected? Has anyone actually developed an exploit outside of Windows? Is there a Linux or Mac exploit, or is it one of those "There's a flaw that could open a hole, assuming someone knows what they're doing" things?

    And Apple's iOS devices have had their own security holes. In fact many of them are what the jailbreak crews use to jailbreak the iPhone/iPad. You know, the one where surfing to a web page could allow a user to gain root access to your iOS device, change the OS, and do who knows what to it. Yeah, we just ignore those.

    And if this report was "Email being sent around with h.264 movie embedded in Pages document causes root access", you'd all be saying how "this isn't a real exploit, it requires access to the machine and someone to actually open an email with a document with a file. Just more security companies trying to scare users into buying Mac virus software."
