February 25, 2009 4:36 PM PST

Adobe patches Flash hole

by Elinor Mills

Adobe released a patch for a Flash player hole this week that could allow an attacker to remotely take control of a computer.

The vulnerability is critical for Adobe Flash Player 10.0.12.36 and earlier versions, the company said in an advisory.

To exploit the vulnerability, a targeted user must load a malicious Shockwave Flash file, which can be done by social engineering the user or injecting malicious content into a compromised, trusted Web site, according to an advisory from security firm iDefense.

Internet Explorer and Firefox plug-ins can be used to temporarily block and unblock Flash content, iDefense said.

While Adobe was releasing news about the Flash vulnerability, more information was surfacing about the hole in Adobe Reader 9 and Acrobat 9 that was announced last week. A patch is due by March 11.

Security company Sourcefire, which released a patch of its own, told IDG News Service that it has found evidence of attacks exploiting the vulnerability for more than six weeks.

There were two critical vulnerabilities in Adobe Reader last year that resulted in remote code execution exploits, according to an entry on the IBM Internet Security Systems blog.

"Currently, we have only witnessed this [new] exploit in highly targeted attacks and have not detected this exploit utilized heavily in the wild yet," the blog entry said. "But it is unknown how long it will be before we see this spread quickly through malicious websites. Milw0rm just released proof-of-concept exploit code. So, we don't expect it to take long before this exploit moves beyond targeted attacks to malicious exploit toolkit integration and widespread exploitation."

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press.
by loose_screw February 25, 2009 5:03 PM PST
Thanks for the info. I updated my Flash player using the procedures noted here: http://news.cnet.com/seven-steps-to-update-the-adobe-flash-player-on-windows/
by n3td3v February 25, 2009 6:29 PM PST
Don't add third party patches to your Adobe or your service warrant will be invalid.
by Mame33 February 26, 2009 6:49 PM PST
Beware. I just updated flash player and it installs the Google toolbar without your permission. It never asks. It's an automatic install, it doesn't download, flash player just installs and never gives you a choice for the Google toolbar.
by kralimarko February 27, 2009 12:08 PM PST
You must be vision impaired or have troubles reading. Of course you can opt out of it.
by fdunn3 February 27, 2009 3:21 PM PST
"Adobe patches Flash hole"
You know that's illegal in most states ;-)
by ronjean.hilditch February 28, 2009 7:56 AM PST
How vulnerable are we at the moment and when can we expect the patch?