gfxgfx
 
Please login or register.

Login with username, password and session length
 
gfx gfx
gfx
76774 Posts in 13500 Topics by 1651 Members - Latest Member: insider4ever March 28, 2024, 09:00:40 pm
*
gfx*gfx
gfx
WinMX World :: Forum  |  Discussion  |  WinMx World News  |  Adobe Flash under fire with another zero-day exploit
gfx
gfxgfx
 

Author Topic: Adobe Flash under fire with another zero-day exploit  (Read 1209 times)

0 Members and 1 Guest are viewing this topic.

Offline p2p rules

  • Forum Member
Adobe Flash under fire with another zero-day exploit
« on: September 14, 2010, 11:39:32 pm »
Quote
Less than a week after warning users about a zero-day exploit in its PDF software, Adobe found another zero-day exploit in Flash. Adobe said hackers are already taking advantage of a critical flow in the current version of Flash to attack Windows PCs to “cause a crash and potentially allow an attacker to take control.”

Despite Adobe’s claims that the attacks are “limited” and “targeted” only at Windows users, the flaw is pretty far-reaching. All editions of Flash 9 and 10, including those for Windows, Mac, Linux, Solaris, and Google’s Android mobile operating system, and earlier versions, are affected. It’s also present in Adobe Reader and Acrobat, as well, since both programs include code to run Flash embedded in PDF documents. There are no reports of hackers exploiting the bug in PDF applications at this time, according to the company.

Technical details of the exploit were not disclosed, but a fix is already in the works. The company will release a patch for Flash in two weeks, or the week of Sept. 27; Acrobat and Reader will have to wait an extra week longer, or the week of Oct. 4, for a patch. Instead of waiting for the normal update on Oct. 12, these patches will be pushed out as an “out of band” security update.

Flash and Reader are Adobe’s two most prominent applications and frequently under attack by hackers. There have been three emergency patches for Reader over the past three months. The latest zero-day exploit reported earlier this month involved JavaScript. For users waiting for the patch, Microsoft announced Sept. 10 that Microsoft’s Enhanced Mitigation Experience Toolkit 2.0 offers some protection against ongoing attacks.

Flash was updated via another emergency patch in June to close a zero-day hole.

All this is just enough to make us wonder again if Steve Jobs is onto something with his adamant refusal to allow Flash on the iPhone and iPad.
digitaltrends

WinMX World :: Forum  |  Discussion  |  WinMx World News  |  Adobe Flash under fire with another zero-day exploit
 

gfxgfx
gfx
©2005-2024 WinMXWorld.com. All Rights Reserved.
SMF 2.0.19 | SMF © 2021, Simple Machines | Terms and Policies
Page created in 0.027 seconds with 22 queries.
Helios Multi © Bloc
gfx
Powered by MySQL Powered by PHP Valid XHTML 1.0! Valid CSS!