Yet Another Critical Flaw in Adobe Flash Exposed

News
By Marcus Yam
published

Mind those attachments.

Another critical issue has come from Adobe's Flash. According to Abobe's note, the vulnerability exists in Flash Player 10.2.153.1 and earlier versions (Adobe Flash Player 10.2.154.25 and earlier for Chrome users) for Windows, Macintosh, Linux and Solaris, Adobe Flash Player 10.2.156.12 and earlier versions for Android, and the Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems.

Adobe says that this vulnerability is a serious one that could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being exploited in the wild in targeted attacks via a Flash (.swf) file embedded in a Microsoft Word (.doc) file delivered as an email attachment, targeting the Windows platform.

Adobe says that it is currently in the process of finalizing a schedule for delivering a fix.

Marcus Yam
Marcus Yam
Marcus Yam served as Tom's Hardware News Director during 2008-2014. He entered tech media in the late 90s and fondly remembers the days when an overclocked Celeron 300A and Voodoo2 SLI comprised a gaming rig with the ultimate street cred.
34 Comments Comment from the forums
  • ujaansona
    Adobe says that it is currently in the process of finalizing a schedule for delivering a fix.
    That's VERY Comforting...
    Reply
  • belardo
    Abobe's note, the vulnerability exists in Flash Player 10.2.153.1 and... on and on...

    Like as if anyone can really keep up with the version numbers.

    How about say it this way: All versions of Adobe Flash 10.x and 9.x have a Critical Flaw?

    Duh
    Reply
  • HappyBB
    Come on, retire Flash now! Use HTML5 instead. Flash now gives me a deeper impression that it's resource hungry and unreliable!
    Reply
  • fstrthnu
    You could probably make a monthly newsletter JUST from flash bug announcements...
    Reply
  • joytech22
    Adobe says that it is currently in the process of finalizing a schedule for delivering a fix.

    Exploits sound hard to patch when they say it like that.

    Adobe tries to keep it's software safe, no matter what every single advanced program (one with "proper" features such as ability to show pictures, type text, display text, save data and read it) are vulnerable to some sort of exploit, even Anti-virus software can succumb to exploits.
    Reply
  • Vladislaus
    HappyBBCome on, retire Flash now! Use HTML5 instead. Flash now gives me a deeper impression that it's resource hungry and unreliable!HTML5 is not even finalized. And even when it is it will take some time until w3c recommends it.
    Reply
  • nevertell
    Flashblock, anyone ?
    Reply
  • PreferLinux
    HappyBBCome on, retire Flash now! Use HTML5 instead. Flash now gives me a deeper impression that it's resource hungry and unreliable!HTML5 isn't that great. AFAIK, the HTML5 element is the only thing you use for drawing, and it is raster. Flash is mainly vector. And all your canvas stuff is drawn and animated with JavaScript. So I'd actually think HTML5 would need more resources than Flash!
    Reply
  • kanape
    PreferLinuxHTML5 isn't that great. AFAIK, the HTML5 element is the only thing you use for drawing, and it is raster. Flash is mainly vector. And all your canvas stuff is drawn and animated with JavaScript. So I'd actually think HTML5 would need more resources than Flash!
    there is svg tag for vectors ;)
    Reply
  • Tomtompiper
    This is only a problem for those stupid enough to open documents or run programs sent to them by unsolicited email. In which case they deserve everything they get.
    Reply