
Zero Day

Ryan Naraine, Emil Protalinski and Dancho Danchev

Adobe plugs security hole in Flash Player

By | March 22, 2011, 5:59am PDT

Summary: The new Adobe Flash Player 10.2.153.1 patches a vulnerability (CVE-2011-0609) that could cause a system crash or allow an attacker to take complete control of the affected machine.

Adobe has released a Flash Player update to fix a critical security hole that was being used in targeted malware attacks.

The new Adobe Flash Player 10.2.153.1 patches a vulnerability (CVE-2011-0609) that could cause a system crash or allow an attacker to take complete control of the affected machine.

Adobe confirmed earlier reports that this vulnerability was being exploited in the wild in targeted attacks via a Flash (.swf) file embedded in a Microsoft Excel (.xls) file delivered as an e-mail attachment.

[ SEE: Adobe warns of Flash Player zero-day attack ]

The company said it was not aware of attacks targeting Adobe Reader and Acrobat, noting that Reader X Protected Mode mitigations would prevent an exploit of this kind from executing.

For more details on the latest update, see this Adobe advisory.


Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues.

Disclosure

Ryan Naraine

The most important disclosure is of my employment with Kaspersky Lab as a member of the global research and analysis team. Kaspersky Lab is a global company specializing in anti-malware and secure content management technologies. I do not own stocks or other investments in any technology company.

Biography

Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content management technologies.

Prior to joining Kaspersky Lab, Ryan was Editor-at-Large/Security at eWEEK, leading the magazine's and Web site's coverage of Internet and computer security issues and managing the popular SecurityWatch blog, covering the daily threats, vulnerabilities and IT security technologies. He also covered IT security, hacker attacks and secure content management topics for Jupiter Media's internetnetnews.com.

Ryan can be reached at naraine SHIFT 2 gmail.com. For daily updates on Ryan's activities, follow him on Twitter.

14
Comments

Announcement
Robert Hahn 22nd Mar 2011
Your Ministry of Truth reminds all party members that today's Two Minutes' Hate will be directed at the software company Adobe and its runtime library "Flash Player."

Please demonstrate your Pavlovian response to Big Brother's direction by expressing your hatred for Adobe, an Enemy Of The People. Long live Big Brother!
0 Votes
RE: Adobe plugs security hole in Flash Player
computerchipt 22nd Mar 2011
@Robert Hahn
Adobe sure does make it easy for such a response.
0 Votes
Wow...
LTV10 22nd Mar 2011
Bitter Adobe shills around, aren't there...

wink
0 Votes
And it's about time they got off their collective a**es and did something!!!
0 Votes
adobe
wpdev305 Updated - 10th Oct
@puppadave I've had Flash crashing Netscape, Mozilla, SeaMonkey and Firefox on PCs for years, on Windows 98 and Windows XP. For the last couple of years it's been crashing SeaMonkey and Firefox on Linux for me as well.
0 Votes
OMG... old news & so ridiculous as to be ASININE!!!
Monarky Updated - 22nd Mar 2011
First off; when is the common user ever going to get an email with an Excel document in it.... number one!
Second; when are you NOT going to notice that it's a really huge file to begin with? "oh... look I just got an .xls doc that's 5mb.... wow I'll be scrolling that suxorz foreverzzz! ...from Hasam Abdul in Nigeria? Who's he?. Wonderful!
Third; hmmm..... it's a FLASH file my Antivirus program says it's infected. Guess I won't open it anyway!

Yeah.... nobody I know is dumb enough or even knows how to embed FLASH in an Excel document. Nor has anyone I know ever received an .xls doc and most of all it better be a really important .xls doc that I'm expecting to even want to open it in the first place. So you'd also have to be a geek MS Office user as well!!!

In other words; odds are a MILLION to ONE of anyone you know ever getting one of these and that's why Adobe isn't even bothering to fix a bug, that Microsoft could fix real easy by not allowing FLASH to be embedded in an Excel document in the first place. So the bug or flaw is not Adobe's fault.... as much as it's Microsoft's with their embedded flash player ability in Excel!!!
0 Votes
RE: Adobe plugs security hole in Flash Player
cwallen19803@... 22nd Mar 2011
@Monarky

So you don't use Excel much at work, but as hard as it may be for you to believe, many people do. We get Excel documents as attachments. We open them. We get really big Excel documents as attachments and we open them. It's called work.

Your point about not opening attachments from people you don't know or that have been flagged by an AV program is on the mark.

I'll bet there are more geek MS Office users out there than you can imagine.
0 Votes
@cwallen19803@... I think you have "hit the nail right on the head" (and driven it into the heart of the matter)... But, as I am retired now, I don't have to worry about all the BS associated with MS Office and other "biz Apps" that use it
0 Votes
@cwallen19803@... Anybody can make a FLASH player. It's not proprietary. Only the container extension is licensed. But that does not prevent unlicensed use of .swf extension and that's what this is about. So what Adobe did was expand the control a user has in opening or viewing FLASH embedded in another App with a kill switch, along with requiring authentication that can't be acquired except in an authorized player. By doing this, they've taken control out of M$'s idiotic hands and put it back in the user's! .....of that's if all you ignorant paranoid haters actually keep your programs up to date. If you aren't scanning your email with an anti-virus program before opening it.... and your employer is stupid enough to keep you in a job, YOU deserve to be snaked by a hacker!!!
0 Votes
@Monarky
yea, i Agree in nobody I know is dumb enough or even knows how to embed FLASH, thanks !
0 Votes
No matter how hard they try, Adobe just can't fully patch flash nor any of its *digital* products. It will only require a much smarter hacker to exploit it, and believe me, the upcoming generation is filled with more computer experts.

Probably a 14 year old could find another exploit within a week; it has occurred on the hardwares B4 and it can occur again in the softwares
0 Votes
@ The Flash Player Update Link...
EZ411 Updated - 24th Mar 2011
Thanks for the alert Ryan.

@ Adobe - Install Adobe Flash Player
http://get.adobe.com/flashplayer

Cheers.
Steven Hotelling
https://twitter.com/411BB/status/50682250110574592
0 Votes
Great!!! thanks for sharing this information to us !
0 Votes
Your point about not opening attachments from people you don't know or that have been flagged by an AV program is on the mark. Thanks!!!