Adobe patches latest Flash zero-day

Google Chrome users got the update Thursday

Adobe today patched a critical vulnerability in Flash Player that the company said criminals were already exploiting with malicious Microsoft Word and Excel documents.

On Monday, Adobe acknowledged the bug, said exploits were circulating, and promised to fix the flaw with an emergency update.

Today's update was Adobe's second rush patch in less than four weeks.

The new version, Flash Player 10.2.159.1, is available for Windows, Mac, Linux and Solaris.

Missing from that list is Android, the Google mobile operating system that also runs Flash. A fix for the same flaw will be issued to Android users no later than the week of April 25, said Adobe.

Adobe will patch the popular PDF viewer Adobe Reader that same week. The Flash vulnerability also exists in Reader and the more advanced Acrobat because both include code that renders Flash content embedded in PDF files.

Although initial attacks were launched using malicious Word attachments, hackers later expanded the campaign to include malformed Excel files, according to Mila Parkour, the independent security researcher who reported the Flash flaw to Adobe.

Parkour, who has been tracking the attacks for more than a week, has published information about them on her Contagio Malware Dump blog.

Some of the earliest messages in the attack tried to get recipients to open the attached Word or Excel files by claiming they offered information on China's antitrust laws, or a purported Japanese nuclear weapons program. Later messages were more mundane, and posed as corporate reorganization plans or new company contact lists.

Parkour also traced the resulting malware's "phone-home" communications to a server registered in China, and noted that some of the malicious Word and Excel documents had been originally crafted in Chinese.

Google updated its Chrome browser -- which includes a copy of Flash Player -- Thursday, fixing not only the Adobe bug but a trio of critical vulnerabilities in the browser's hardware acceleration technology. Like Internet Explorer and Firefox, Chrome taps the computer's graphics processor (GPU) to handle some page composition and rendering tasks.

Google usually tags as "critical" only those bugs that attackers could use to escape the browser's "sandbox," an anti-exploit technology designed to prevent malicious code from escaping the browser.

Users running other browsers can download the patched version of Flash Player from Adobe's site.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed. His e-mail address is gkeizer@computerworld.com.
