Adobe patches latest Flash zero-day

Google Chrome users got the the update Thursday

Adobe today patched a critical vulnerability in Flash Player that the company said criminals were already exploiting with malicious Microsoft Word and Excel documents.

On Monday, Adobe acknowledged the bug, said exploits were circulating, and promised to fix the flaw with an emergency update.

Today's update was Adobe's second rush patch in less than four weeks.

The new version, Flash Player 10.2.159.1, is available for Windows, Mac, Linux and Solaris.

Missing from that list is Android, the Google mobile operating system that also runs Flash. A fix for the same flaw will be issued to Android users no later than the week of April 25, said Adobe.

Adobe will patch the popular PDF viewer Adobe Reader that same week. The Flash vulnerability also exists in Reader and the more advanced Acrobat because both include code that renders Flash content embedded in PDF files.

Although initial attacks were launched using malicious Word attachments, hackers later expanded the campaign to include malformed Excel files, according to Mila Parkour, the independent security researcher who reported the Flash flaw to Adobe.

Parkour, who has been tracking the attacks for more than a week, has published information about them on her Contagio Malware Dump blog.

Some of the earliest messages in the attack tried to get recipients to open the attached Word or Excel files by claiming they offered information on China's antitrust laws, or a purported Japanese nuclear weapons program. Later messages were more mundane, and posed as corporate reorganization plans or new company contact lists.

Parkour also traced the resulting malware's "phone-home" communications to a server registered in China, and noted that some of the malicious Word and Excel documents had been originally crafted in Chinese.

Google updated its Chrome browser -- which includes a copy of Flash Player -- Thursday, fixing not only the Adobe bug but a trio of critical vulnerabilities in the browser's hardware acceleration technology. Like Internet Explorer and Firefox, Chrome taps the computer's graphics processor (GPU) to handle some page composition and rendering tasks.

Google usually tags as "critical" only those bugs that attackers could use to escape the browser's "sandbox," an anti-exploit technology designed to prevent malicious code from escaping the browser.

Users running other browsers can download the patched version of Flash Player from Adobe's site .

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed. His e-mail address is gkeizer@computerworld.com.

Read more about security in Computerworld's Security Topic Center.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags MicrosoftGoogleMalware and Vulnerabilities

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.
Gregg Keizer

Gregg Keizer

Computerworld (US)
Show Comments

Cool Tech

Bang and Olufsen Beosound Stage - Dolby Atmos Soundbar

Learn more >

Toys for Boys

Sony WF-1000XM3 Wireless Noise Cancelling Headphones

Learn more >

Nakamichi Delta 100 3-Way Hi Fi Speaker System

Learn more >

ASUS ROG, ACRONYM partner for Special Edition Zephyrus G14

Learn more >

Family Friendly

Mario Kart Live: Home Circuit for Nintendo Switch

Learn more >

Philips Sonicare Diamond Clean 9000 Toothbrush

Learn more >

Stocking Stuffer

SunnyBunny Snowflakes 20 LED Solar Powered Fairy String

Learn more >

Teac 7 inch Swivel Screen Portable DVD Player

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers

MSI P65

This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang

MSI GT76

It really doesn’t get more “gaming laptop” than this.

Jack Jeffries

MSI GS75

As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr

MSI PS63

The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?