Targeted attacks exploiting Flash flaw; Adobe issues fix

Adobe has issued a patch for a critical vulnerability in Flash Player that is being used against Internet Explorer and could affect other operating systems.

The patch fixes the vulnerability in Windows, Macintosh, Linux and Android OSes, Adobe said in a security advisory.  Although the flaw affects all of those operating systems, reports of an exploit in the wild so far have involved only IE for Windows.


Related coverage:

New Adobe exploits leave Flash vulnerable -- again


Users of Flash with Google’s Chrome browser are in the clear, Adobe said, since the patch has been installed automatically.

Adobe called the flaw an object confusion vulnerability that could crash an infected application and possibly allow an attacker to gain control of the system. The exploit discovered in the wild arrives in targeted attacks delivered via e-mail messages that try to trick a user into clicking a malicious file.

The company’s advisory offers instructions on how to check which versions of Flash you’re running, and recommends upgrading to the new versions of Flash.

Flash vulnerabilities have become a popular target for hackers because it’s ubiquitous, existing on practically every computer. The 2011 hack of RSA Security, for example, resulted from phishing e-mails that delivered a zero-day exploit of a Flash flaw.
 
In March, Adobe issued fixes for two other critical Flash vulnerabilities that, like this one, could lead to hackers taking control of systems.

About the Author

Kevin McCaney is a former editor of Defense Systems and GCN.

Featured

  • business meeting (Monkey Business Images/Shutterstock.com)

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (Shutterstock.com)

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected