Targeted attacks exploiting Flash flaw; Adobe issues fix
- By Kevin McCaney
- May 07, 2012
Adobe has issued a patch for a critical vulnerability in Flash Player that is being exploited against Internet Explorer on Windows and could affect other operating systems.
The patch fixes the vulnerability in Windows, Macintosh, Linux and Android OSes, Adobe said in a security advisory. Although the flaw affects all of those operating systems, reports of an exploit in the wild so far have involved only IE for Windows.
Users of Flash with Google’s Chrome browser are in the clear, Adobe said, since the patch has been installed automatically.
Adobe called the flaw an object confusion vulnerability that could crash an infected application and possibly allow an attacker to gain control of the system. The exploit discovered in the wild arrives in targeted attacks delivered via e-mail messages that try to trick a user into clicking a malicious file.
The company’s advisory offers instructions on how to check which versions of Flash you’re running, and recommends upgrading to the new versions of Flash.
Flash has become a popular target for hackers because it is ubiquitous, existing on practically every computer. The 2011 hack of RSA Security, for example, resulted from phishing e-mails that delivered a zero-day exploit of a Flash flaw.
In March, Adobe issued fixes for two other critical Flash vulnerabilities that, like this one, could lead to hackers taking control of systems.
Kevin McCaney is a former editor of Defense Systems and GCN.