“Adobe late Friday warned that attackers are exploiting a critical vulnerability in the company’s most widely-used software: Flash Player and Adobe Reader,” Gregg Keizer reports for Computerworld.
“The zero-day vulnerability is reminiscent of one Adobe disclosed and patched in July 2009, and comes just days after the company’s head of security admitted hackers have its software in their crosshairs,” Keizer reports.
“Adobe said that the bug affects Flash Player 10.0.45.2, the most up-to-date version of the popular media player, as well as older editions on Windows, Macintosh, Linux and Solaris,” Keizer reports. “Also vulnerable: PDF viewer Adobe Reader 9.x and PDF creation software Adobe Acrobat 9.x on Windows, Macintosh and Unix.”
“Hackers are already exploiting the flaw. ‘There are reports that this vulnerability is being actively exploited in the wild against Flash Player, Reader and Acrobat,’ the company said in a security advisory issued around 3:30 p.m. PT Friday,” Keizer reports.
“Danish bug tracker Secunia rated the threat as ‘extremely critical,’ the highest ranking in its five-step scoring system. The U.S. Computer Emergency Readiness Team (US-CERT), an arm of the federal Department of Homeland Security, also posted a warning of the vulnerability,” Keizer reports. “Attackers exploiting the flaw may be able to hijack the targeted computer, Adobe acknowledged.”
Full article here.
MacDailyNews Take: So, not only are the ingrates at Adobe lazy, they’re also inept.
[Thanks to MacDailyNews Reader “Mike D” for the heads up.]
Adobe = trash
Great timing!
Um, are there reports of Macs (or any other OS) being taken over by this, or is it just “possible”? It would be good to know.
Then again, I use ClickToFlash and Preview, so I guess I’m not much at risk, unless a hacker takes over a website I trust.
And leaky trash at that.
a-do-be -noun
1. sun-dried brick made of clay and straw, in common use in countries having little rainfall.
2. a yellow silt or clay, deposited by rivers, used to make bricks.
3. a building constructed of adobe.
4. a dark, heavy soil, containing clay.
5. a bunch of lazy ingrates purporting to provide the whole Internet experience via bug-ridden, poorly designed malware masquerading as the last word in content creation software.
6. shite, as in “what a steaming pile of adobe”.
=:~)
Ironic that the nail in Flash’s coffin comes from none other than Adobe itself.
Karma’s a funny thing.
Sneaky Apple hackers.
“Sneaky Apple hackers.”
maybe the North Carolina server has gone online
fifth column
This couldn’t have come at a worse time. The media, and its people all pointing fingers, making accusations of many issues.
This just puts another feather in Steve Jobs’ hat. Lol
Clearly this is a plot hashed by Steve Jobs or Adobe is just incompetent. I’m betting on the latter.
iPhone and iPad not affected…
…Apple iPhones and iPads not affected.
Dangit, I was beaten to the punch.
@ Krioni
Under Mac OS X, the Adobe applications run under the user’s ID instead of the root user. Therefore, even if an exploit was designed to affect Mac OS X, I don’t think it could “hijack” a Mac.
If you want to count how many days, weeks, months (the record is 7 months for Adobe) it takes to get these latest security holes patched, synchronize watches then keep an eye on either of these two pages at the Adobe site:
http://www.adobe.com/support/security/
http://blogs.adobe.com/psirt/
Adobe announced these security holes 2010-06-04.
Ready, steady, GO!
@biscou
LOL!
Fifth column indeed!
Lol. Great definition
Rob Enderle is sure to claim that this is from an “Apple” mole in Adobe!
Those two articles are related…
http://www.ifunia.com/ipad-column/on-apple-ipad-html5-and-flash.html
http://blog.streamingmedia.com/the_business_of_online_vi/2010/01/apples-ipad-has-major-design-flaw-no-builtin-stand-for-watching-video.html
Rob Enderle has a poster of “I Believe” like Mulder has in his office on the X-Files.
@ken1w
That helps, but there are always privilege escalation vulnerabilities that can be exploited to get root once a hacker has some privileges as a user.
The most relevant question to ask before gloating about this is whether HTML5 has any similar vulnerability. I don’t know, but I’d like to.
HEY, NO FAIR! I WANT THESE FLASH EXPLOITS ON MY IPAD TOO!!!
“the company said in a security advisory issued around 3:30 p.m. PT Friday,”
Want to bury a press release so nobody covers it? Release it late Friday afternoon.
Oldest trick in the book.