February 25, 2009 4:36 PM PST

Adobe patches Flash hole

by Elinor Mills

Adobe released a patch for a Flash player hole this week that could allow an attacker to remotely take control of a computer.

The vulnerability is a critical one for Adobe Flash Player 10.0.12.36 and earlier versions, the company said in an advisory.

To exploit the vulnerability, a targeted user must load a malicious Shockwave Flash file, which can be done by social engineering the user or injecting malicious content into a compromised, trusted Web site, according to an advisory from security firm iDefense.

Internet Explorer and Firefox plug-ins can be used to temporarily block and unblock Flash content, iDefense said.

While Adobe was releasing news about the Flash vulnerability, more information was surfacing about the hole in Adobe Reader 9 and Acrobat 9 that was announced last week. A patch is due by March 11.

Security company Sourcefire, which released a patch of its own, told IDG News Service that it has found evidence of attacks exploiting the vulnerability for more than six weeks.

There were two critical vulnerabilities in Adobe Reader last year that resulted in remote code execution exploits, according to an entry on the IBM Internet Security Systems blog.

"Currently, we have only witnessed this [new] exploit in highly targeted attacks and have not detected this exploit utilized heavily in the wild yet," the blog entry said. "But it is unknown how long it will be before we see this spread quickly through malicious websites. Milw0rm just released proof-of-concept exploit code. So, we don't expect it to take long before this exploit moves beyond targeted attacks to malicious exploit toolkit integration and widespread exploitation."

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press.

by loose_screw February 25, 2009 5:03 PM PST
Thanks for the info. I updated my Flash player using the procedures noted here:

http://news.cnet.com/seven-steps-to-update-the-adobe-flash-player-on-windows/
by n3td3v February 25, 2009 6:29 PM PST
Don't add third party patches to your Adobe or your service warrant will be invalid.
by Mame33 February 26, 2009 6:49 PM PST
Beware. I just updated flash player and it installs the Google toolbar without your permission. It never asks. It's an automatic install, it doesn't download, flash player just installs and never gives you a choice for the Google toolbar.
by kralimarko February 27, 2009 12:08 PM PST
You must be vision impaired or have troubles reading. Of course you can opt out of it.
by fdunn3 February 27, 2009 3:21 PM PST
"Adobe patches Flash hole"

You know that's illegal in most states ;-)
by ronjean.hilditch February 28, 2009 7:56 AM PST
How vulnerable are we at the moment and when can we expect the patch?