In the wild Flash hack prompts emergency Adobe security patch

Updated happygeek 0 Tallied Votes 706 Views Share

If you are a user of Adobe Flash, be sure to apply the latest security update if you want to avoid becoming part of an in-the-wild attack exploiting a vulnerability which currently seems to be exploiting users of Internet Explorer on the Windows platform only. Adobe has, however, issued an emergency security patch for Android, Linux and Mac users as well as those with Windows which kind of suggests it could be indicative of a wider problem with the software.

dweb-flash Adobe is recommending that any users of Flash Player v11.2.202.233 and earlier for Windows, Mac and Linux should update to v11.2.202.235 and Android 4.x users of v11.1.115.7 and earlier should update to, Android 3.x users of should move to while those users with the Google Chrome installed Flash Player need do nothing as the update will have been applied automatically.

The Adobe Security Bulletin (APSB12-09) is determined as being critical, with the object confusion vulnerability (CVE-2012-0779) being actively exploited in the wild as I write. The exploit will arrive in the form of an email with attachment, and infection can only occur if the user clicks on that attached file to execute it. Once again, it's a message to all those who have itchy link-clicking fingers not to blindly think everything you get sent in the mail is OK to look at.

Windows users who opted in to the recently introduced silent update feature will have been protected by the security update as soon as it was made available and need do nothing further in order to protect all web browser clients installed on their system.

Adobe advise users who are confused about which version of Flash they are currently running to access the 'About Flash Player' page or right-click on any content running in Flash Player and select "About Adobe (or Macromedia) Flash Player" from the menu. A check which will have to be applied for every browser you have installed if you have not applied that silent update feature on Windows.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Had an interesting chat with a 'security researcher' friend of mine who pondered: is Adobe the new Microsoft as far as being sloppy on the security coding front is concerned, or should we really be pointing the finger of blame in the direction of JavaScript for the problems that both companies face with regards to browser-based exploits?

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.