Adobe Confirms Flash Bug, To Issue Fix Next Week

Kara Reeder

According to Computerworld, Adobe has confirmed that hackers are exploiting a zero-day vulnerability in Flash Player using Microsoft Excel documents. However, the company will not patch Flash until next week.

 

As Switched notes, Adobe will also be patching Windows versions of Reader, but Flash is affected on all operating systems. According to Adobe's security advisory:

This vulnerability (CVE-2011-0609) could cause a crash and potentially allow an attacker to take control of the affected system.

Adobe says it is not aware of any attacks targeting Reader or Acrobat. Adobe's newest version of Reader will not be patched because building a fix would delay the release of the Flash, Reader and Acrobat updates, says Brad Arkin, the company's director of product security and privacy:

Given the mitigation provided by the Adobe Reader X sandbox and the absence of attacks via PDF, we determined that an out-of-cycle update would incur unnecessary churn and patch management overhead on our users not justified by the associated risk.


Add Comment      Leave a comment on this blog post

Mar 16, 2011 7:30 AM Jim Jim  says: in response to J

Well, I apologize.  I had just finished reading the same if not a very similar story on a couple of other sites and they made it seem clear it was a PDF issue and never mentioned Microsoft products.

Reply
Mar 16, 2011 11:28 AM Jim Jim  says:

You seem to have it a bit wrong.  The issue is with PDF documents; not Microsoft Excel documents.  This exploit has nothing to do with Microsoft Excel.

Reply
Mar 16, 2011 12:12 PM J J  says: in response to Jim

@Jim,

Double check your facts before posting.

http://news.softpedia.com/news/Flash-Vulnerability-Exploited-Through-Excel-Spreadsheets-118451.shtml

http://www.computerworld.com/s/article/9214521/Hackers_exploit_Flash_zero_day_Adobe_confirms

http://www.techwatch.co.uk/2011/03/15/adobe-flash-exploit-to-be-patched-next-week/

http://pingpond.com/adobe-admits-hackers-exploiting-unpatched-flash-bugs-885101.htm

I'd keep listing, but could they all be wrong? Or just you?

It's about embedding the flash file into a Excel doc, as the writer said "using Microsoft Excel documents",  she is completely on par with the description of the issue.

Reply

Post a comment

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

 

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.


 

Resource centers

Business Intelligence

Business performance information for strategic and operational decision-making

SOA

SOA uses interoperable services grouped around business processes to ease data integration

Data Warehousing

Data warehousing helps companies make sense of their operational data