New Flash Player vulnerability under attack

Another Adobe exploit is lurking in the wild, it has been revealed.

security button

Adobe has posted a security advisory to warn about the vulnerability in its Flash Player.

Adobe's Product Security Incident Response Team wrote in its blog that the vulnerability could cause a crash and potentially allow an attacker to take control of an affected system.

More ominously, it continued: "There are reports that this vulnerability is being actively exploited in the wild against Flash Player on Windows."

The team has promised a fix but there is a delay. Although it said "we are in the process of finalising a fix", it is obviously a euphemism for "working on" as the first updates will not be available until the end of this month.

Apart from Windows, other affected versions comprise Macintosh, Linux and Solaris running Flash Player 10.1.82.76 or earlier. Adobe Flash Player 10.1.92.10 for Android is also vulnerable. A patch will be available during the week of 27 September.

Adobe Reader, up to version 9.3.4 for Windows, Mac and Unix, is also mentioned along with version 9.3.4, and earlier versions, for Windows and Mac. Fixes for these will appear around a week later.

Apple's chief executive Steve Jobs will feel vindicated. Until last week, he resisted allowing Flash on Apple products, despite complaints from the user base. In an open letter last April, he detailed his reasoning. At one point he wrote: "Symantec recently highlighted Flash for having one of the worst security records in 2009. We also know first hand that Flash is the number one reason Macs crash."

This is the third Adobe security advisory to be issued this year about actively exploited vulnerabilities. The previous one was last Wednesday, less than a week ago, and a workaround using a toolkit from Microsoft has been released but, as yet, no fix.

Featured Resources

Four cyber security essentials that your board of directors wants to know

The insights to help you deliver what they need

Download now

Data: A resource much too valuable to leave unprotected

Protect your data to protect your company

Download now

Improving cyber security for remote working

13 recommendations for security from any location

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

Recommended

Sopra Steria cyber attack costs to hit €50 million
Security

Sopra Steria cyber attack costs to hit €50 million

26 Nov 2020
Sophos warns customers of potential data leak
Security

Sophos warns customers of potential data leak

26 Nov 2020
Weekly threat roundup: VMware, GitHub, Facebook, and MobileIron
Security

Weekly threat roundup: VMware, GitHub, Facebook, and MobileIron

26 Nov 2020
Egregor ransomware could take up where Maze left off
Security

Egregor ransomware could take up where Maze left off

26 Nov 2020

Most Popular

macOS Big Sur is bricking some older MacBooks
operating systems

macOS Big Sur is bricking some older MacBooks

16 Nov 2020
Huawei Mate 40 Pro 5G review: A tragically brilliant Mate
Mobile Phones

Huawei Mate 40 Pro 5G review: A tragically brilliant Mate

26 Nov 2020
How computing has revolutionised Formula 1
Sponsored

How computing has revolutionised Formula 1

11 Nov 2020