Tuesday, 15 March 2011

Adobe warns of a critical 'Zero-Day' Flash vulnerability

Adobe warns of a critical 'Zero-Day' Flash vulnerability
Adobe has discovered a 'critical' vulnerability in their popular Flash software. Unfortunately, the vulnerability extends to the Android, Windows, Mac, OS X, Linux, and Solaris versions of Adobe Flash.

Adobe explains that the virus comes from an SWF (Flash) file, embedded within a Microsoft Excel email file attachment. When the malicious Flash file is opened, it causes a system crash, and then turns control of your device over to the perpetrators. Furthermore, Adobe indicates that the flaw is more than a mere vulnerability, but that it is being "targeted in attacks."

So is this vindication for Apple's exclusion of the Adobe Flash software on iOS? We don't think so. But we like to imagine that Steve Jobs is sending an email blast that simply says, "I told you so."

The following software versions are affected (i.e. everything):
  • Adobe Flash Player 10.2.152.33 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems
  • Adobe Flash Player 10.2.154.18 and earlier for Chrome users
  • Adobe Flash Player 10.1.106.16 and earlier for Android
  • The Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.1) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems.

Adobe says that they have yet to hear of Acrobat and Reader being affected by the vulnerability. They are in the process of developing a fix, but don't anticipate a final solution until the week of March 21st. And this isn't surprising, considering how many platforms are in need of the patch.

source: Adobe via Yahoo! News

No comments:

Post a Comment

please poll if you like this site?