Adobe Warns of Flash Vulnerability

Adobe has issued a Security Advisory [APSA11-01] warning of a critical security vulnerability in its Flash Player.  The flaw affects current and previous versions of Flash Player for all platforms (Windows, Linux, Mac OS X, Android, and Solaris); it also affects Adobe’s Reader and Acrobat products, since they have embedded versions of the player.  Adobe says that Reader X for Windows is not vulnerable, since its “sandboxing” of the player prevents the flaw from being exploited.  More details on the scope of the vulnerability are in the Security Advisory.

At present, attempts to exploit this flaw have taken the form of targeted e-mail attacks carrying an Excel spreadsheet attachment with an embedded Flash object.  (Why anyone needs to embed a Flash video in a spreadsheet is a question that I cannot answer.)  I will post updated information here if I learn of more widespread attacks.

Adobe’s note also says that they intend to release patches for affected versions of the Flash Player, Reader, and Acrobat during the week of March 21.  There is a post on Adobe’s Secure Software Engineering Team [ASSET] blog, which discusses the patch schedule.

4 Responses to Adobe Warns of Flash Vulnerability

  1. Sean says:

    “Why anyone needs to embed a Flash video in a spreadsheet is a question that I cannot answer”

    Easy to answer, so school kids can bypass their school’s security measures and play embedded flash games in Excel instead of doing their class work.

  2. Rich says:

    Ah, yes. I forgot to consider special values of “need”.

    I was in school sufficiently long ago that this problem didn’t arise. We just became adept at keeping our outside reading material covered by the textbook.

  3. […] Kaspersky Labs, this update to Chrome’s embedded Flash Player fixes the recently discovered security vulnerability, which I posted about earlier this […]

  4. […] week, Adobe issued a Security Advisory about a new critical vulnerability in its Flash Player; Adobe’s AIR product is also affected. […]
