Adobe is planning to patch the recently disclosed Flash Player vulnerability on Friday for users on Windows, Mac OS X and Linux. The vulnerability is being used in targeted attacks right now that use malicious Word documents.
Adobe said on Wednesday night that it plans to push out the Flash Player patch for Google Chrome today, as part of the Chrome release channel. A separate patch for Adobe Acrobat X for Windows and Mac, Reader X for Mac and Reader 9.x for Windows and Mac on April 25.
The company is planning to wait until June to release a patch for the Flash Player bug in Reader X for Windows because the sandbox in that application prevents exploitation of the vulnerability. The patch for Chrome will be available earlier than the others thanks to Adobe’s relationship with Google.
“During our response to any zero-day vulnerability, Adobe seeks to protect as many users as quickly as possible. As part of our collaboration with Google, Google receives updated builds of Flash Player for integration and testing. Once testing is completed for Google Chrome, the release is pushed via the Chrome auto-update mechanism. Adobe is testing the fix across all supported configurations of Windows, Macintosh, Linux, Solaris and Android (more than 60 platforms/configurations altogether) to ensure the fix works across all supported configurations. Typically, this process takes slightly longer and, in this case, is expected to complete on April 15 for Flash Player for Windows, Macintosh, Linux and Solaris,” the company said in a statement.
When they disclosed the vulnerability earlier this week, Adobe officials warned customers that the vulnerability was already being used in targeted attacks that were leveraging malicious Flash files embedded in Microsoft Word documents. Microsoft security engineers analyzed the attacks and found that the attackers are using a complex exploit routine to build shellcode and then inject the exploit code into the Flash Player.
Related Posts
- Analysis of the New Adobe Flash Attacks
When Adobe warned customers earlier this week about a newly discovered vulnerability in the Flash Player software, company officials said that there were already attacks underway against the bug. Thos... - Flash Player Update available
Just a short notice on the now available Adobe Flash Player Update: Version 10.2.159.1 has been released which fixes the critical security vulnerability which allow attackers to infect computers with ... - WordPress Hacked, Source Code Stolen
Servers belonging to Automattic, which makes the popular Wordpress blogging software, say that their servers were hacked and that the company's source code is believed to have been "exposed and copied... - New Adobe and Google Ship Flash and PDF in Chrome Sandbox
There's been a lot of news related to software sandboxing in the last week, but one event in particular: Google has moved version 8 of Chrome (specifically 8.0.552.21) into the "Stable" chan... - Adobe Security Update for Flash Player
Today, Adobe announced the release of a security update for its Flash Player software, which was originally scheduled for release on September 27th. The update was moved up a week, as it addresses a ... - Google Patches Security Holes in Chrome Browser
Google on Thursday released a new version of its Chrome browser that patches nine security vulnerabilities, including two critical threats.
View full post on Network World on Security... - Microsoft, Adobe Announce Security Tools, Partnership
At Black Hat on Wednesday, Microsoft and Adobe announced that Adobe would be releasing advance vulnerability information to security vendors through Microsoft's existing MAPP (Microsoft Active Protect... - Microsoft Announces Security Tool and Adobe Partnership
At Black Hat today Microsoft and Adobe announced that Adobe would be releasing advance vulnerability information to security vendors through Microsoft's existing MAPP (Microsoft Active Prote... - Adobe Flash Player 10.1 – Security Update Available, (Wed, Jun 16th)
Please patch those flash players as soon as possible.
Last week Handler Deb Hale posted a diary speaking to some Adobe proof of concept malware in the wild.
http://isc.sans.edu/diary.html?story... - Java: Worse than Adobe and Microsoft for vulnerabilities?
Brian Krebs thinks so:
Java is now among the most frequently-attacked programs, and appears to be fast replacing Adobe as the target of choice for automated exploit tools used by criminals.
Of th...
Posted on 14 April 2011. Tags: &, Adobe, Application, browser, Compliance, flash, Google, Microsoft, regulations, Security, Vulnerabilities, Web
The above information is reprinted from and copyrighted © by threatpost - The First Stop for Security News.
