Adobe warns of critical Flash vulnerability

February 8, 2013 // 10:45 a.m.

Tags: #adobe #adobe-flash #adobe-flash-player #chrome #flash-player #google-chrome #internet-explorer-10 #security #shockwave-flash #vulnerability

Adobe has released a critical patch for serious security vulnerabilities in its Flash Player software, warning that OS X and Windows users are under active attack.

The patches, which Adobe recommends should be installed on all systems with Flash Player across Windows, OS X, Android and Linux platforms, address vulnerabilities in the software that are being actively exploited in the wild by ne'er-do-wells intent on taking over computers for their own nefarious ends.

'Adobe is also aware of reports that [the vulnerability] is being exploited in the wild in attacks delivered via malicious Flash (SWF) content hosted on websites that target Flash Player in Firefox or Safari on the Macintosh platform, as well as attacks designed to trick Windows users into opening a Microsoft Word document delivered as an email attachment which contains malicious Flash (SWF) content,' the company admitted in its security bulletin on the matter.

The flaw can be exploited via a maliciously crafted SWF file, either through the user's browser or embedded in files opened by other applications - as with the Word document example given by Adobe. When exploited, it gives the attacker full control over the client system at the privilege level of the affected user.

It's a serious flaw, but hardly the first: the ubiquity of Adobe Flash Player and its presence in most browsers, either as embedded code or as a plug-in module, make it a favourite of crackers and virus-spreaders across the world. A similar emergency patch was released in August last year, itself following multiple emergency patches dating back to the launch of the software. That's not even getting into the issue of Adobe Acrobat or the company's free Adobe Reader packages, which have their own troubled history.

Those who have Flash Player installed as a plug-in in their browser are advised to download and install the update as soon as possible, while users of Google Chrome and Microsoft Internet Explorer 10 will need to sit tight and wait for the companies to patch the built-in Flash Player code.
