Adobe is working on a fix, but until then you should be careful when dealing with Flash files – there are reports of attacks using this vulnerability…
Here’s a list of the affected software:
- Adobe Flash Player 10.2.152.33 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems
- Adobe Flash Player 10.2.154.18 and earlier for Chrome users
- Adobe Flash Player 10.1.106.16 and earlier for Android
- The Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.1) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems.
The reported attacks that exploit the vulnerability happened through an Excel file with an embedded Flash file. So, no attacks on Android as of yet, or at least none that Adobe knows about.
An update will be pushed out next week that fixes the vulnerability in all but Adobe Reader X. Protected Mode of Reader X (which should be enabled by default) prevents the exploit of auto-running so Adobe feel they can wait to patch that up on 14 June, the date the next quarterly security update for Adobe Reader is scheduled for.
No comments:
Post a Comment