Adobe plugs security hole in Flash Player

Adobe plugs security hole in Flash Player

Summary: The new Adobe Flash Player 10.2.153.1 patches a vulnerability (CVE-2011-0609) that could cause a system crash or allow an attacker to take complete control of the affected machine.

SHARE:

Adobe has released a Flash Player update to fix a critical security hole that was being used to in targeted malware attacks.

The new Adobe Flash Player 10.2.153.1 patches a vulnerability (CVE-2011-0609) that could cause a system crash or allow an attacker to take complete control of the affected machine.

Adobe confirmed earlier reports that this vulnerability was being exploited in the wild in targeted attacks via a Flash (.swf) file embedded in a Microsoft Excel (.xls) file delivered as an e-mail attachment.follow Ryan Naraine on twitter

[ SEE: Adobe warns of Flash Player zero-day attack ]

The company said it was not aware of attacks targeting Adobe Reader and Acrobat, noting that Reader X Protected Mode mitigations would prevent an exploit of this kind from executing.

For more details on the latest update, see this Adobe advisory.

Topics: Enterprise Software, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

14 comments
Log in or register to join the discussion
  • Announcement

    Your Ministry of Truth reminds all party members that today's Two Minutes' Hate will be directed at the software company Adobe and its runtime library "Flash Player."

    Please demonstrate your Pavlovian response to Big Brother's direction by expressing your hatred for Adobe, an Enemy Of The People. Long live Big Brother!
    Robert Hahn
    • RE: Adobe plugs security hole in Flash Player

      @Robert Hahn
      Adobe sure does make it easy for such a response.
      computerchipt
    • Wow...

      Bitter Adobe shills around, aren't there...

      ;)
      LTV10
  • RE: Adobe plugs security hole in Flash Player

    and its about time they got off their collective a**es and did something!!!
    puppadave
    • adobe

      @puppadave I've had Flash crashing Netscape, Mozilla, SeaMonkey and Firefox on PCs for years, on Windows 98 and Windows XP. For the last couple of years it's been crashing SeaMonkey and Firefox on Linux for me as well. <a style="text-decoration: none; color: #333333;" href="http://www.cangrade.com/">candidate grading</a>
      wpdev305
  • OMG... old news & so ridiculous as to be ASININE!!!

    First off; when is the common user ever going to get an email with an Excel document in it.... number one!<br>Second; when are you NOT going to notice that it's a really huge file to begin with? "oh... look I just got an .xls doc that's 5mb.... wow I'll be scrolling that suxorz foreverzzz! ...from Hasam Abdul in Nigeria? Who's he?. Wonderful!<br>Third; hmmm..... it's a FLASH file my Antivirus program says it's infected. Guess I won't open it anyway!<br><br>Yeah.... nobody I know is dumb enough or even knows how to embed FLASH in an Excel document. Nor has anyone I know ever received an .xls doc and most of all it better be a really important .xls doc that I'm expecting to even want to open it in the first place. So you'd also have to be a geek MS Office user as well!!!

    In other words; odds are a MILLION to ONE of anyone you know ever getting one of these and that's why Adobe isn't even bothering fix a bug, that Microsoft could fix real easy by not allowing FLASH to be embedded in an Excel document in the first place. So the bug or flaw is not Adobe's fault.... as much as it's Microsoft's with their embedded flash player ability in Excel!!!
    Monarky
    • RE: Adobe plugs security hole in Flash Player

      @Monarky

      So you don't use Excel much at work, but as hard as it may be for you to believe, many people do. We get Excel documents as attachments. We open them. We get really big Excel documents as attachments and we open them. It's called work.

      Your point about not opening attachments from people you don't know or that have been flagged by an AV program is on the mark.

      I'll bet there are more geek MS Office users out there than you can imagine.
      cwallen19803@...
      • RE: Adobe plugs security hole in Flash Player

        @cwallen19803@... I think you have "hit the nail right on the head" (and driven it into the heart of the matter)... But, as I am retired now, I don't have to worry about all the BS associated with MS Office and other "biz Apps" that use it
        puppadave
      • RE: Adobe plugs security hole in Flash Player

        @cwallen19803@... Anybody can make a FLASH player. It's not proprietary. Only the container extension is licensed. But that does not prevent unlicensed use of .swf extension and that's what this is about. So what Adobe did was expand the control a user has in opening or viewing FLASH embedded in another App with a kill switch, along with requiring authentication that can't be acquired except in an authorized player. By doing this, they've taken control out of M$'s idiotic hands and put it back in the user's! .....of that's if all you ignorant paranoid haters actually keep your programs up to date. If you aren't scanning your email with an anti-virus program before opening it.... and your employer is stupid enough to keep you in a job, YOU deserve to snaked by a hacker!!!
        Monarky
    • RE: Adobe plugs security hole in Flash Player

      @Monarky
      yea, i Agree in nobody I know is dumb enough or even knows how to embed FLASH, thanks !
      <p><a href="http://www.e-arcondicionado.com/">Ar Condicionado</a> <a href="http://www.imoveisexpress.com.br/">Imoveis</a> <a href="http://www.modelosdeelite.com.br/">Acompanhantes</a> <a href="http://www.webdocorpo.com.br/massagem">Massagem</a></p>
      deborabonilha
  • Atleast they are finally releasing updates much faster

    No matter how hard they try, Adobe just can't fully patch flash nor any of it's *digital* products. It will only require a much smarter hacker to exploit it, and believe me, the upcoming generation is filled with more computer experts.

    Probably a 14 year old could find another exploit within a week; it has occured on the hardwares B4 and it can occur again in the softwares
    MrElectrifyer
  • @ The Flash Player Update Link...

    Thanks for the alert Ryan.

    @ Adobe - Install Adobe Flash Player
    http://get.adobe.com/flashplayer

    Cheers.
    Steven Hotelling
    https://twitter.com/411BB/status/50682250110574592
    EZ411
  • RE: Adobe plugs security hole in Flash Player

    Great!!! thanks for sharing this information to us !
    <a href="http://www.yuregininsesi.com" title="seslichat">sesli chat</a> <a href="http://www.yuregininsesi.com" title="seslisohbet">sesli sohbet</a>
    talih
  • RE: Adobe plugs security hole in Flash Player

    Your point about not opening attachments from people you don't know or that have been flagged by an AV program is on the mark.Thanks !!!
    <a href="http://www.webdocorpo.com.br/">Saude</a>
    <a href="http://www.modelosdeelite.com.br/">Acompanhantes</a>
    <a href="http://loja.fbfauto.com.br/">Pecas</a>
    alimentacao