Sign in with
Sign up | Sign in

Yet Another Critical Flaw in Adobe Flash Exposed

By - Source: Tom's Hardware US | B 34 comments

Mind those attachments.

Another critical issue has come from Adobe's Flash. According to Abobe's note, the vulnerability exists in Flash Player 10.2.153.1 and earlier versions (Adobe Flash Player 10.2.154.25 and earlier for Chrome users) for Windows, Macintosh, Linux and Solaris, Adobe Flash Player 10.2.156.12 and earlier versions for Android, and the Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems.

Adobe says that this vulnerability is a serious one that could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being exploited in the wild in targeted attacks via a Flash (.swf) file embedded in a Microsoft Word (.doc) file delivered as an email attachment, targeting the Windows platform.

Adobe says that it is currently in the process of finalizing a schedule for delivering a fix.

Discuss
Display all 34 comments.
This thread is closed for comments
  • 3 Hide
    ujaansona , April 14, 2011 6:47 AM
    Quote:
    Adobe says that it is currently in the process of finalizing a schedule for delivering a fix.

    That's VERY Comforting...
  • 1 Hide
    belardo , April 14, 2011 7:15 AM
    Quote:
    Abobe's note, the vulnerability exists in Flash Player 10.2.153.1 and... on and on...


    Like as if anyone can really keep up with the version numbers.

    How about say it this way: All versions of Adobe Flash 10.x and 9.x have a Critical Flaw?

    Duh
  • 0 Hide
    HappyBB , April 14, 2011 7:20 AM
    Come on, retire Flash now! Use HTML5 instead. Flash now gives me a deeper impression that it's resource hungry and unreliable!
  • -1 Hide
    fstrthnu , April 14, 2011 7:23 AM
    You could probably make a monthly newsletter JUST from flash bug announcements...
  • 3 Hide
    joytech22 , April 14, 2011 7:27 AM
    Quote:
    Adobe says that it is currently in the process of finalizing a schedule for delivering a fix.


    Exploits sound hard to patch when they say it like that.

    Adobe tries to keep it's software safe, no matter what every single advanced program (one with "proper" features such as ability to show pictures, type text, display text, save data and read it) are vulnerable to some sort of exploit, even Anti-virus software can succumb to exploits.
  • 2 Hide
    Vladislaus , April 14, 2011 7:34 AM
    HappyBBCome on, retire Flash now! Use HTML5 instead. Flash now gives me a deeper impression that it's resource hungry and unreliable!

    HTML5 is not even finalized. And even when it is it will take some time until w3c recommends it.
  • 2 Hide
    nevertell , April 14, 2011 7:45 AM
    Flashblock, anyone ?
  • 1 Hide
    PreferLinux , April 14, 2011 8:22 AM
    HappyBBCome on, retire Flash now! Use HTML5 instead. Flash now gives me a deeper impression that it's resource hungry and unreliable!

    HTML5 isn't that great. AFAIK, the HTML5 element is the only thing you use for drawing, and it is raster. Flash is mainly vector. And all your canvas stuff is drawn and animated with JavaScript. So I'd actually think HTML5 would need more resources than Flash!
  • 1 Hide
    kanape , April 14, 2011 9:13 AM
    PreferLinuxHTML5 isn't that great. AFAIK, the HTML5 element is the only thing you use for drawing, and it is raster. Flash is mainly vector. And all your canvas stuff is drawn and animated with JavaScript. So I'd actually think HTML5 would need more resources than Flash!


    there is svg tag for vectors ;) 
  • 4 Hide
    Tomtompiper , April 14, 2011 9:43 AM
    This is only a problem for those stupid enough to open documents or run programs sent to them by unsolicited email. In which case they deserve everything they get.
  • 2 Hide
    leafblower29 , April 14, 2011 10:04 AM
    nevertellFlashblock, anyone ?

    In a Word document?
  • 1 Hide
    shin0bi272 , April 14, 2011 11:06 AM
    HappyBBCome on, retire Flash now! Use HTML5 instead. Flash now gives me a deeper impression that it's resource hungry and unreliable!


    I think there are some youtube videos running html5... test them out see how laggy they are. They take 3x longer to queue than normal and are constantly buffering. yeah enjoy that html5.
  • 1 Hide
    Pherule , April 14, 2011 11:57 AM
    As a user, I loathe using flash sites.
    As a web developer, I loathe designing flash sites.

    Somehow, flash needs to die.
  • 1 Hide
    killerclick , April 14, 2011 12:02 PM
    HappyBBCome on, retire Flash now! Use HTML5 instead. Flash now gives me a deeper impression that it's resource hungry and unreliable!


    Yeah, and which browsers support HTML 5 and what is their combined usage share? Idiot!
  • 1 Hide
    ericburnby , April 14, 2011 12:42 PM
    TomtompiperThis is only a problem for those stupid enough to open documents or run programs sent to them by unsolicited email. In which case they deserve everything they get.

    Thank you for the wonderful advice. I'm now going to un-install all my anti-virus and security software since all I really need to to is ony open mail I trust.
  • 2 Hide
    virtualban , April 14, 2011 12:43 PM
    meh, some trolls do manage to survive after all... you know who you are, no need to perpetuate your words :) 
  • 0 Hide
    K2N hater , April 14, 2011 1:04 PM
    PheruleAs a user, I loathe using flash sites.As a web developer, I loathe designing flash sites.Somehow, flash needs to die.

    That's cruel! Lazy coders and data miners can't live without Flash.
  • 3 Hide
    back_by_demand , April 14, 2011 1:04 PM
    HappyBBCome on, retire Flash now! Use HTML5 instead. Flash now gives me a deeper impression that it's resource hungry and unreliable!

    And automattically turn off about 90% of internet content because HTML5 hasn't been put in place to replace it all yet.
    So Youtube has some HTML5 content, whoopy-do, what about the other 10 bazillion websites?
  • 0 Hide
    Anonymous , April 14, 2011 1:30 PM
    So this is one place where I think Google messed up with Chrome. I think it was wrong to tie Flash into its browser. I would prefer a easier way to disable Flash or remove it. I really think Flash has to be one of the most sought after plug ins for hackers. I did understand Apple's stance on Flash until just recently. I am coming around to their thinking on Flash. But I am sure if Flash went away, the target would be something else.
  • 0 Hide
    rantoc , April 14, 2011 2:06 PM
    jescott418So this is one place where I think Google messed up with Chrome. I think it was wrong to tie Flash into its browser. I would prefer a easier way to disable Flash or remove it. I really think Flash has to be one of the most sought after plug ins for hackers. I did understand Apple's stance on Flash until just recently. I am coming around to their thinking on Flash. But I am sure if Flash went away, the target would be something else.


    And expect google to scrap its "supercookies" among other good ways to use flash to track your habbits? They live by tracking your every move on the net.
Display more comments