Targeted attacks exploiting Flash flaw; Adobe issues fix

Adobe has issued a patch for a critical vulnerability in Flash Player that is being used against Internet Explorer and could affect other operating systems.

The patch fixes the vulnerability in Windows, Macintosh, Linux and Android OSes, Adobe said in a security advisory.  Although the flaw affects all of those operating systems, reports of an exploit in the wild so far have involved only IE for Windows.

Related coverage:

New Adobe exploits leave Flash vulnerable -- again

Users of Flash with Google’s Chrome browser are in the clear, Adobe said, since the patch has been installed automatically.

Adobe called the flaw an object confusion vulnerability that could crash an infected application and possibly allow an attacker to gain control of the system. The exploit discovered in the wild arrives in targeted attacks delivered via e-mail messages that try to trick a user into clicking a malicious file.

The company’s advisory offers instructions on how to check which versions of Flash you’re running, and recommends upgrading to the new versions of Flash.

Flash vulnerabilities have become a popular target for hackers because it’s ubiquitous, existing on practically every computer. The 2011 hack of RSA Security, for example, resulted from phishing e-mails that delivered a zero-day exploit of a Flash flaw.
In March, Adobe issued fixes for two other critical Flash vulnerabilities that, like this one, could lead to hackers taking control of systems.

About the Author

Kevin McCaney is a former editor of Defense Systems and GCN.


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected