Topic: Security

Adobe warns: Flash Player malware hitting IE on Windows users

Summary: Although the vulnerability affects Flash Player on all platforms, the malware attacks target Flash Player on Internet Explorer for Windows only.

By Ryan Naraine for Zero Day | May 4, 2012 -- 08:24 GMT (01:24 PDT)

Follow @ryanaraine

Adobe has shipped an extremely urgent Flash Player patch to block in-the-wild malware attacks against Windows users.

Adobe described the attacks as "targeted" and warned that malicious Flash files are being delivered in e-mail messages.

Although the vulnerability affects Flash Player on all platforms, the malware attacks target Flash Player on Internet Explorer for Windows only.

According to Adobe's advisory, the patch is available for Adobe Flash Player 11.2.202.233 and earlier versions for Windows, Macintosh and Linux, Adobe Flash Player 11.1.115.7 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.8 and earlier versions for Android 3.x and 2.x.

"These updates address an object confusion vulnerability (CVE-2012-0779) that could cause the application to crash and potentially allow an attacker to take control of the affected system," Adobe said.

There are reports that the vulnerability is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious file delivered in an email message. The exploit targets Flash Player on Internet Explorer for Windows only.

Windows users should treat this update with the utmost priority, Adobe said.

Topics: Security, Malware

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

27 comments

Log in or register to join the discussion

more reasons to switch to Linux

no vulnerability there.

The Linux Geek
4 May, 2012 08:51

Reply Vote
- Read the article
  
  The vulnerability affects Flash Player on [u]all[/u] platforms. This attack affects IE only. That's a major distinction there.
  
  Michael Kelly
  4 May, 2012 08:56
  
  Reply Vote
  - Exactly
    
    And before TLG tries to spin it, here's the direct quote from Adobe's website regarding the update:
    
    "Adobe recommends users of Adobe Flash Player 11.2.202.233 and earlier versions for Windows, Macintosh [b]and Linux[/b] update to Adobe Flash Player 11.2.202.235. " (emphasis added).
    
    spdragoo@...
    4 May, 2012 09:03
    
    Reply Vote
- RE: more reasons to switch to Linux
  
  From the article:
  [i]the vulnerability affects Flash Player on [b]all[/b] platforms[/i]
  
  This includes the Linux desktop. However, with a 1-2% market share, the malware miscreants aren't going to bother with it even if desktop Linux users ignore the update notification for Adobe's Flash Player. Best to apply the update when notified, though.
  
  It is true that desktop Linux, with or without one's browser protected by LSM, is a safer platform for web browsing than either Windows or OS X.
  
  Rabid Howler Monkey
  4 May, 2012 09:00
  
  Reply Vote
  - +1 for Rabid Howler Monkey
    
    Of all who put down their thoughts here, you are the most consistent and sensible.
    
    I won't get into the merits of LSM today. Everybody gets a vacation day. :/
    
    DTS Your Linux Advocate
    4 May, 2012 09:13
    
    Reply Vote
  - Ya have to admit
    
    Ya have to admit most of the freetards are not going to download them happy face icons and get their systems infected. This is actually a compliment cant help myself saying freetards though LOL
    
    Stan57
    4 May, 2012 11:35
    
    Reply Vote
  - Of course...
    
    There are plenty of Linux users who don't install Flash too, it is FAR less widespread than on Mac or Windows.
    
    (The reasons are various - but there are plenty of "open-source only" desktops and servers)
    
    jeremychappell
    4 May, 2012 17:44
    
    Reply Vote
This doesn't count, right?

After all, this is only a problem in a 3rd party component so this malware doesn't count.

Please don't report on these issues any more or we will have to start accusing you of being anti-MS.

/sarcasm directed at whiny Apple users complaining about Flashback coverage.

toddbottom3
4 May, 2012 09:05

Reply Vote
- Where's Ed Bott?
  
  If ZDNet "journalists" manage to squeeze eight articles out of this one, then we'll maybe stop whining.
  
  windypops
  4 May, 2012 09:27
  
  Reply Vote
  - No you won't
    
    no matter how many articles ZDNet or Ed Bott "squeezes out" about a Windows malware issue... even if they write 1 article about Mac malware to 20 about Windows malware you will still whine about how everyone picks on macs...
    
    NonFanboy
    4 May, 2012 09:59
    
    Reply Vote
  - Will too...
    
    Not "everyone", just the bargain-basement hacks that write for this godforsaken board.
    
    *edit* is this the sort of forum software you get if you put a dozen monkeys in a room with a PC and a copy of VB? Meant to be replying to @NonFanboy.
    
    windypops
    4 May, 2012 10:11
    
    Reply Vote
  - Given some of the rabid Mac zealots
    
    I doubt it. Of course it's the same with the die hard Windows zealots and the Linux zealots too... they get upset when there is a perceived attack or any sort of criticism about their precious.
    
    NonFanboy
    4 May, 2012 18:51
    
    Reply Vote
  - If the Apple oriented bloggers
    
    If the Apple oriented bloggers at ZDnet were willing to address security related issues Ed Bott wouldn't need to. For my part I do own a Macbook Pro (which I don't use nearly as much as my Windows books but I do use it occasionally) and I'm glad Ed is talking about Flashback, without his writing about it I wouldn't know about it and never would have installed the necessary updates to prevent the problem.
    
    Doctor Demento
    4 May, 2012 20:12
    
    Reply Vote
- plugins
  
  I think this just goes to show what I've been saying for a while - the new malware battleground is plugins, not the OS per se.
  
  I think the distinction IS important, because users need to understand the risks they run when installing plugins, and the need to keep them fully patched (not just the OS).
  
  jeremychappell
  4 May, 2012 17:48
  
  Reply Vote
- There are zealots and there are zealots
  
  There are zealots on all sides, championing their OS of choice and that's fine. The problem is when the writers themselves are the zealots. I appreciate that Mac malware is big news, but there's a couple of things that should be borne in mind: the "Macs don't get viruses" advert aired in 2006; Apple advised users (albeit quietly) to install antivirus software in 2008. Meanwhile, if you look at ZDNet's newsfeed from around the web, "Conficker continues to plague the enterprise" is just one example of how Windows malware is still very much out there, in big numbers.
  
  windypops
  5 May, 2012 02:23
  
  Reply Vote
  - Indeed
    
    And each writer here has their own bias - check out SJVN's artiles to see a real zealot for anything Linux, Google, and open source. Ed Bott does a fairly good job of keeping his bias in check but like the rest of us he does have a bias and it will come out. Despite my pseudonym I have my biases as far as tech - I do not take sides with the religious tech wars here as I use Apple, Microsoft, and Google products... they all have their pros and cons.
    
    What irritates me about the whole Mac malware issue is all the excuses and whining from the die hard frothing at the mouth Mac zealots - first "the malware did not exist, Macs were invulnerable" line - there are some who STILL say this even though Apple has released and maintained it's own antimalware solution - which BTW completely invalidates any claim that the antimalware companies are behind all of this. Then it's the inevitable "Windows has xxx malware"... like that has any bearing at all on what malware is on a Mac. And then it's the whole "everyone is attacking Macs" complaint. All the while there are Apple Store geniuses who STILL say that "Macs are invulnerable to malware. That Apple has a solution in place to prevent any sort of issues".
    
    I'll grant that since Mac OS X came on the scene the instances of Mac malware decreased greatly - I recall having some malware issues with my older Macs running OS 7 until I got experienced enough to avoid getting any. The malware instances now are creeping back up and I just cannot wrap my head around the mentality out there that the die hard Mac users have - why not just do some research, take the advised precautions, and stop acting like anyone who says there is malware for Macs is attacking the very core of their religion?
    
    NonFanboy
    5 May, 2012 07:08
    
    Reply Vote
  - An army of straw men cometh...
    
    Like I said, there are zealots on all sides. And your whole middle paragraph is just a whole load of straw men: "Mac zealots say this, Mac zealots say that, Apple geniuses say you don't need antivirus". Throw in a "Apple fanboys with their heads in the sand" and I think you might have a full house. You're presenting the ramblings of an idiot minority as being representative.
    
    My beef is that Bott has done eight (I think) articles on the recent Mac malware outbreak, weasel-worded to provoke just the right amount of comments and click-throughs. He might as well post a photo of himself flipping the bird with the caption, "Wah wah told you so!" It's laughably hubristic trolling-as-journalism, and even by this site's pitifully low standards, it stinks.
    
    windypops
    5 May, 2012 07:29
    
    Reply Vote
I've gotten several odd emails today...

...and I'm always suspicious.

Best advice: Don't install Flash. On any platform. Why take chances?

msalzberg
4 May, 2012 09:41

Reply Vote
- Best advice about Flash
  
  It's no coincidence that Flash blocks are the top rated and most downloaded browser plug ins.
  
  NonFanboy
  4 May, 2012 10:00
  
  Reply Vote
  - So who are the cowards
    
    voting my post above down and why do't you have the cajones to say why? I guess some people cannot face facts.
    
    NonFanboy
    5 May, 2012 07:09
    
    Reply Vote