Adobe Warns Users of Active Flash Exploit


Adobe issued a warning on Tuesday to alert Flash users that a newly discovered exploit is being actively used to take over victims’ computers. The exploit affects Mac, Windows, Linux and Solaris users, along with Android OS devices.

Flash: The ongoing security saga. Adobe is working to patch an active Flash security flaw.

According to Adobe, attackers are embedding a maliciously crafted SWF file in Excel spreadsheet documents delivered as email attachments. Once the Excel document is opened, attackers can potentially take control of the victim’s system.

Acrobat X and Adobe Reader 10.0.1 and earlier are also potentially susceptible to the exploit, but an Adobe security bulletin claims there aren’t any known attacks in the wild.

Adobe Flash Player 10.2.152.33 and earlier, or Flash Player 10.2.154.18 for Chrome users, is impacted by this flaw. A fix is on the way, but Adobe doesn’t expect to have the patch available for a week.
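A defensive triage check for the SWF-in-Excel delivery described above, as an added example (not code from Adobe or from this article): it scans an attachment's raw bytes for plausible embedded SWF headers, `FWS` for uncompressed and `CWS` for zlib-compressed files, and rejects look-alike text. The function names, the version cap and the sample bytes are assumptions constructed for illustration.

```python
import struct
import zlib

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # OLE2 compound file, the legacy .xls container
MAX_SWF_VERSION = 50  # assumed plausibility cap; SWF version is one small byte

def is_ole(data: bytes) -> bool:
    return data.startswith(OLE_MAGIC)

def _body_plausible(sig: bytes, body: bytes, declared_len: int) -> bool:
    if sig == b"FWS":
        # Uncompressed SWF: declared length includes the 8-byte header and must fit.
        return declared_len - 8 <= len(body)
    try:
        # CWS: everything after the header is a zlib stream; trailing bytes are ignored.
        return len(zlib.decompressobj().decompress(body[:4096])) > 0
    except zlib.error:
        return False

def find_embedded_swf(data: bytes):
    """Return sorted (offset, signature, version, declared_length) for plausible SWF headers."""
    hits = []
    for sig in (b"FWS", b"CWS"):
        pos = data.find(sig)
        while pos != -1:
            header = data[pos:pos + 8]
            if len(header) == 8:
                version = header[3]
                (declared_len,) = struct.unpack("<I", header[4:8])
                if (1 <= version <= MAX_SWF_VERSION and declared_len > 8
                        and _body_plausible(sig, data[pos + 8:], declared_len)):
                    hits.append((pos, sig.decode(), version, declared_len))
            pos = data.find(sig, pos + 1)
    return sorted(hits)

def build_sample() -> bytes:
    """Constructed test bytes: OLE header, text decoys, one FWS and one CWS header."""
    fws = b"FWS" + bytes([10]) + struct.pack("<I", 8 + 24) + b"\x00" * 24
    raw = b"\x11" * 100
    cws = b"CWS" + bytes([9]) + struct.pack("<I", 8 + len(raw)) + zlib.compress(raw)
    decoy = b"FWS report CWSxyz "
    return OLE_MAGIC + b"\x00" * 504 + decoy + fws + b"\x00" * 32 + cws + b"\x00" * 16

if __name__ == "__main__":
    sample = build_sample()
    print(is_ole(sample), find_embedded_swf(sample))
```

A hit only means the attachment carries Flash content and deserves a closer look; a spreadsheet with no legitimate reason to embed Flash can be quarantined on that basis alone.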


Comments

RonMacGuy

Wow, what a surprise.

geoduck

Well are they or aren’t they? If “attackers are embedding” that suggests it is happening and has been seen in the wild.
OTOH “an Adobe security bulletin claims there aren’t any known attacks in the wild.” that suggests they haven’t been seen.

More Adobe double-speak?
Oh I DO hate Flash so much…

Banner ads.
Pop-up/pop-under ads.
Crashes.
Hangs.
Malware.
Exploits.
Farmville.

FlipFriddle

Someone in the tech industry should make a stand against this old, buggy, proprietary software. . .

BurmaYank

“Well are they or aren’t they? If “attackers are embedding” that suggests it is happening and has been seen in the wild. OTOH “an Adobe security bulletin claims there aren’t any known attacks in the wild.” that suggests they haven’t been seen… More Adobe double-speak?”

“According to Adobe, attackers are embedding a maliciously crafted SWF file in Excel spreadsheet documents delivered as email attachments. Once the Excel document is opened, attackers can potentially take control of the victim’s system..
... but an Adobe security bulletin claims there aren’t any known attacks in the wild.”

ISTM that if all those ‘attackers’ were actually Adobe employee SW testers &/or Adobe’s security researcher allies, then this Adobe security bulletin would not constitute double-speak.

But, yes, I TOO DO hate Flash so much…

Lee Dronick

Oh I DO hate Flash so much…

Banner ads.
Pop-up/pop-under ads.

The ads will always be with us, they pay for the “free” websites such as this one. What I hate are blipvert style of ads that make my head want to asplode.

Flash is becoming less and less common these days. I still see news clips, but thankfully Flash navigation is quickly going away.

BurmaYank

Someone in the tech industry should make a stand against this old, buggy, proprietary software. . .

Someone besides Steve?

Maybe his bold stand just needs more time to work & ferment - maybe he has already fired the fatal shot, and Flash is now only a ‘dead-man-walking’ for just a little while longer.

Ethan

“Flash is becoming less and less common these days…”

Actually in elearning it holds over 90% of the market. Only way to economically and efficiently build interactive simulations with a variety of 3D and multimedia elements controlled by complex logic. Only way to avoid fragmentation that the browsers create with their differences. Only option if your client wants drm on their video assets.

We consistently have very low tech support calls for : hangs, crashes or slow cpu performance in our courseware.

The Flash Platform is used in a lot more places than public facing websites with ads. The lack of awareness to the depth of Flash penetration and the varied uses across industries on this board just reminds me what happens when you’re in the reality distortion field.

mhikl

This is a case of Walled Garden vs Refuse Dump. The likes of M$ and Adobe will be but sad memories in five years. Android will be relegated to the tinker niche (the poor kind) remembered as barely a burp at a turkey feast and Apple’s iPad will have supplanted the computer industry as the largest supplier in the land of computation and imagination. Bill will have run out of the money he needed to buy his way into the history of great philanthropists and Ballmer will be locked up in some squalid bedlam sanatorium performing vaudevillian acts at its gates for any passer-by with a bottle in his hand.

The universe is unfolding as it should.

Lee Dronick

We consistently have very low tech support calls for : hangs, crashes or slow cpu performance in our courseware.

For whom do you work?

Ethan

Elearning group inside BullziSecurity, Inc. We never get calls due to crashes, slowdowns, hangs etc on the execution of the user machine (unless it is waiting for the network latency to clear up).

On a personal note I dev on a MacBook Pro and on my old 2006 MBP rig the software decoding of video that flash was forced to use, since Apple would not give access to the gpu (which QT had at the time), would use a lot of cpu. On my new 2010 MacBook Pro that has the nvidia gpu that Apple opened up to Adobe for direct acceleration I can watch full screen soccer at ESPN3 without the fans ever going above the 2100 rpm range.

My timecapsule backup takes more cpu usage and creates more heat these days.

Nemo

And once again, in what is a regular occurrence, I’ve disabled Flash on all of my personal browsers.

Lee Dronick

Elearning group inside BullziSecurity, Inc

I just took a look at your website. That is grownup stuff, I had assumed your courses were for school children.

ethan

Yes-mostly security and gov’t regulation stuff: how to secure medicare records/data, how to be aware of phishing emails, to spot social engineering vectors, how to code securely. We did roll out a high level H1N1 course for students last fall in a New Jersey area school district.

The audiences are rather distinct in how you construct content (speaking visually here vs the tone of the writing.) The k-12 have varying mental development, different distractions, their cognitive absorption works differently, social dynamics are intense. It’s not easy producing for both unless you’re the size of Pearson.

I always thought elearning for Sprout, Sesame Street or leap frog would be cool-very different world.

furbies

Yes-mostly security and gov’t regulation stuff: how to secure medicare records/data, how to be aware of phishing emails, to spot social engineering vectors, how to code securely

Now if only the US Govt had taken note there’d be no wikileaks….....

Lee Dronick

ethan said: Yes-mostly security and gov’t regulation stuff: how to secure medicare records/data, how to be aware of phishing emails, to spot social engineering vectors, how to code securely
Now if only the US Govt had taken note there’d be no wikileaks

I think most, if not all, of our Wikileaks wasn’t from hacking, but from someone giving it out. I don’t know if Pvt Manning did or not do it, but it is often the human factor that causes the damage. I was still in the Navy when the Walker spy scandal broke and he reportedly said “Kmart has better security than the Navy.”
