Targeted attacks exploiting Flash flaw; Adobe issues fix

Adobe has issued a patch for a critical vulnerability in Flash Player that is being used against Internet Explorer and could affect other operating systems.

The patch fixes the vulnerability in Windows, Macintosh, Linux and Android OSes, Adobe said in a security advisory.  Although the flaw affects all of those operating systems, reports of an exploit in the wild so far have involved only IE for Windows.

Related coverage:

New Adobe exploits leave Flash vulnerable -- again

Users of Flash with Google’s Chrome browser are in the clear, Adobe said, since the patch has been installed automatically.

Adobe called the flaw an object confusion vulnerability that could crash an infected application and possibly allow an attacker to gain control of the system. The exploit discovered in the wild arrives in targeted attacks delivered via e-mail messages that try to trick a user into clicking a malicious file.

The company’s advisory offers instructions on how to check which versions of Flash you’re running, and recommends upgrading to the new versions of Flash.

Flash vulnerabilities have become a popular target for hackers because it’s ubiquitous, existing on practically every computer. The 2011 hack of RSA Security, for example, resulted from phishing e-mails that delivered a zero-day exploit of a Flash flaw.
In March, Adobe issued fixes for two other critical Flash vulnerabilities that, like this one, could lead to hackers taking control of systems.

About the Author

Kevin McCaney is a former editor of Defense Systems and GCN.


  • Russia prying into state, local networks

    A Russian state-sponsored advanced persistent threat actor targeting state, local, territorial and tribal government networks exfiltrated data from at least two victims.

  • Marines on patrol (US Marines)

    Using AVs to tell friend from foe

    The Defense Advanced Research Projects Agency is looking for ways autonomous vehicles can make it easier for commanders to detect and track threats among civilians in complex urban environments without escalating tensions.

Stay Connected