Adobe today has released a new security advisory for Adobe Flash Player, Adobe Reader and Acrobat. All three applications are affected by a critical 0-day vulnerability that is exploited via Excel email attachments. Vulnerable versions are Adobe Flash Player 10.2.154.33 and earlier for all supported desktop operating systems, Adobe Flash Player 10.1.106.16 and earlier for Android and Adobe Reader and Acrobat X, 10.x and 9.x for Windows and Macintosh.
Adobe has confirmed reports that the vulnerability is actively exploited via swf files that are embedded in Microsoft Excel files that are delivered via email attachments. A successful exploit causes a crash of the application and could give an attacker control over the computer system.
A security fix is in the final stages of development, and Adobe estimates that it can be distributed during the next week. Computer users for now should be very cautious when they receive emails with Excel attachments, especially if the sender is unknown. It may be a good idea to open the documents online, for instance via Google Docs instead of a desktop client to block potential attacks.
Protected Mode of Adobe Reader X mitigates the issue according to Adobe, so that the security fix for that version will be delivered with the quarterly security update that is scheduled for June 14.
In short:
- All Flash Player versions 10 are affected for all supported desktop and mobile operating systems.
- All versions of Adobe Reader and Acrobat X, 10 and 9 are affected
- The vulnerability is exploited via Excel email attachments that have a Flash file embedded.
- A patch will be delivered in the next week
Additional information are available at the Security Advisory over at Adobe’s website.
Enjoyed the article?: Then sign-up for our free newsletter or RSS feed to kick off your day with the latest technology news and tips, or share the article with your friends and contacts on Facebook or Twitter.Related Articles:
Here We Go Again: Yet Another Flash 0-day Vulnerability EmergesAdobe Reader Vulnerability Exploited By Botnet
Adobe Reader, Acrobat and Flash Player Zero Day Vulnerability
Critical Adobe Reader And Flash Vulnerabilities Emerge
Adobe Security Updates For Flash, Adobe Reader
I really can’t wait until HTML5 is more widely adapted so that I can dump this junk call Adobe… Flash. Are there any viable alternatives coming out to replace the PDF format?
Once again I say: get a mac
Get a mac? Is that in the same theory of if you got hit once, might as well as get bashed up totally and get it over with?