Printed from http://www.electronista.com

Adobe Flash suffers from 'critical' new zero-day hack

updated 07:25 am EDT, Tue March 15, 2011

Patch inbound for affected platform, eventually

Adobe has published another security advisory after the discovery of a "critical vulnerability" in Adobe Flash Player 10.2.152.33 and earlier versions across all major platforms, including Windows, Macintosh, Linux, Solaris and Android mobile devices. According to Adobe, the zero-day exploit is being deployed in the wild in "targeted attacks" through a Flash (.swf) file embedded in a Microsoft Excel file delivered as an email attachment. Adobe reports that it is "finalizing a fix for the issue," but does not expect to have the hole patched until the "week of March 21."

Adobe explains that the exploit can cause a system crash followed by the attacker taking control of compromised systems remotely. In the meantime, users should exercise extreme caution when receiving emails with any type of Flash file embedded within them. Given the popularity of the Flash platform, it would seem that this could be a somewhat difficult situation to manage.

Unlike Android devices, Apple's iOS devices continue to eschew Flash, and are among the few devices immune from this latest security flaw. Apple also recently took the step of removing Flash as a standard install on some of its notebook lines. Steve Jobs has been publicly critical of security vulnerabilities in Flash as well as stability issues with the plug-in. He has also been critical of the length of time that Adobe has taken to issue patches to correct these types of issues. [via Yahoo!]



By Electronista Staff

Comments

  1. pairof9s

    Senior User

    Joined: Jan 2008

    +8

    Well...

    When you're a company that doesn't really develop programs but instead buys them, then it's obvious you're going to have difficulties fixing and ensuring the software. That's Adobe.


  1. Blairmc

    Fresh-Faced Recruit

    Joined: Sep 2003

    +8

    I'm sad

    I'm sad that a company that I rely on to make a living (PS & Illustrator), software that I love for what it helps me make, can on the other hand be so lazy, monopolistic and downright underhanded with regards to Flash.


    Get with the program and dump Flash as it belongs in the 90s

  1. kerryb

    Fresh-Faced Recruit

    Joined: Aug 2001

    +8

    monopolistic = lazy

    Monopolies do nobody good but those that own the monopoly. Microsoft advanced like a glacier on a chilly day in the 90's when it had just about wrapped up the tech world with its browser and desktop monopoly. The only good thing that happens to monopolies is they usually collapse under their own weight. Adobe may be showing signs of this with its failure to see beyond Flash into more modern technologies which will be used in the post-PC era. Adobe may be becoming a mini Microsoft, its best days behind it.

  1. NeXTLoop

    Senior User

    Joined: Aug 2002

    +9

    That's it...

    Flash has been removed from my MBP...and will never return. I'm sick and tired of a company that is so irresponsible as Adobe when it comes to security. Even MS has a better track record than this.

  1. boris_cleto

    Fresh-Faced Recruit

    Joined: Sep 2002

    +6

    And here I thought

    Flash was a zero-day hack.

  1. testudo

    Forum Regular

    Joined: Aug 2001

    -2

    Re: That's it...

    Flash has been removed from my MBP...and will never return. I'm sick and tired of a company that is so irresponsible as Adobe when it comes to security. Even MS has a better track record than this.

    Irresponsible how? That there was a bug in their software? Guess what, all programs have bugs. Many bugs can be hijacked. They're working on a fix.

    And note that it's a 'zero-day' exploit because hackers found it and exploited it before any white-hats did. Which is always a concern with any platform (and why you can't say "Well, no one has released a virus for the mac" when they could have, you just haven't heard about it).

    And while it attacks Flash, it really is just a trojan. It requires social-engineering to get people to open up the Excel file. Not exactly the best delivery method. But, h***, if it lets you all rail against Flash once again, just ignore the details, that's fine.

  1. testudo

    Forum Regular

    Joined: Aug 2001

    -3

    Oh

    Unlike Android devices, Apple's iOS devices continue to eschew Flash, and are among the few devices immune from this latest security flaw.

    How many devices are ACTUALLY affected? Has anyone actually developed an exploit outside of Windows? Is there a Linux or Mac exploit, or is it one of those "There's a flaw that could open a hole, assuming someone knows what they're doing" things?

    And Apple's iOS devices have had their own security holes. In fact many of them are what the jailbreak crews use to jailbreak the iPhone/iPad. You know, the one where surfing to a web page could allow a user to gain root access to your iOS device, change the OS, and do who knows what to it. Yeah, we just ignore those.

    And if this report was "Email being sent around with h.264 movie embedded in Pages document causes root access", you'd all be saying how "this isn't a real exploit, it requires access to the machine and someone to actually open an email with a document with a file. Just more security companies trying to scare users into buying mac virus software."
