Flash player users, which is the majority of Internet users, do not come to rest in past years. There is seldom a month passing by without another Flash vulnerability. Adobe today released a security advisory warning for all Flash users that describes a critical security vulnerability in the popular software.
Affected are more or less all Flash users. This includes Flash installations on Windows, Mac and Linux, the built-in Flash Player of the Google Chrome browser, Flash on Android and Flash in Adobe Reader and Acrobat.
- Flash Player 10.2.153.1 and earlier versions on Windows, Mac, Linux, Solaris
- Adobe Flash Player 10.2.154.25 and earlier for Chrome
- Adobe Flash Player 10.2.156.12 and earlier versions for Android
- Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems
Adobe confirmed reports that the vulnerability is actively exploited. The vulnerability uses embedded Flash files in Microsoft Word documents to exploit the issue. According to Adobe’s information those are delivered as email attachments and targeting the Windows platform.
Adobe Reader and Acrobat do not appear to be targeted right now. Adobe Reader X users are protected from this exploit by the program’s Protected Mode.
Adobe is currently finalizing a schedule for delivering updates for all affected versions of Flash Player except for Adobe Reader X which will receive the update on the next quarterly security update on June 14, 2011.
How can users protect their system from these kind of attacks? You should be cautious when you receive document attachments, especially if they come from unknown senders. Probably the best option in this case is to save those attachments to the computer, and open them in an online viewer such as Google Docs.
You could alternatively use a third party document viewer that does not support Flash, but the safest bet is an online viewer.
Interested users find additional information about the newly discovered Flash vulnerability at the Adobe Security Bulletin.
Related Articles:
New Critical 0-day Flash Vulnerability Exploited Via Excel AttachmentsAdobe Reader, Acrobat and Flash Player Zero Day Vulnerability
Another Adobe Reader Zero-Day Vulnerability Emerges
Critical Adobe Reader And Flash Vulnerabilities Emerge
Adobe Security Updates For Flash, Adobe Reader
Enjoyed the article?: Then sign-up for our free newsletter or RSS feed to kick off your day with the latest technology news and tips, or share the article with your friends and contacts on Facebook, Twitter or Google+ using the icons below.
Eagerly awaiting HTML5 to replace this @&%# soon!
Unfortunately, as Martin pointed out in a prior article response, HTML5 is not something that will replace Flash. If anything, it will be Microsoft’s Silverlight. And whenever I visit a site offering both Flash and Silverlight, I chose Silverlight. Microsoft has learned from their mistakes and actually try to incorporate security. Adobe is still programming like a slushed out drunkard old has-been pretending to know how to drive a fast car.
Unfortunately, as Martin pointed out in a prior article response, HTML5 is not something that will replace Flash. If anything, it will be Microsoft’s Silverlight. And whenever I visit a site offering both Flash and Silverlight, I chose Silverlight. Microsoft has learned from their mistakes and actually try to incorporate security. Adobe is still programming like a slushed out drunken old has-been pretending to know how to drive a fast car.
@DanTe
Microsoft’s Silverlight is dead. No one uses or will ever use it on the web (beside Microsoft).