Slashdot Mirror


Adobe Warns of Critical Flash Bug, Already Being Exploited

Trailrunner7 writes "On the same day that it plans to release a patch for a critical flaw in Shockwave, Adobe confirmed on Thursday morning that there is a newly discovered bug in Flash that is being actively exploited already in attacks against Reader. The vulnerability affects Flash on all of the relevant platforms, including Android, as well as Reader on Windows and Mac, and won't be patched for nearly two weeks. The new Flash bug came to light early Thursday when a researcher posted information about the problem, as well as a Trojan that is exploiting it and dropping a pair of malicious files on vulnerable PCs. Researcher Mila Parkour tested the bug and posted a screenshot of the malicious files that a Trojan exploiting the vulnerability drops during its infection routine. Adobe has since confirmed the vulnerability and said that it is aware of the attacks against Reader."

9 of 244 comments

  1. Re:of course by blair1q · Score: 2, Funny

    It happens when you open PDF documents and Flash scripts. Duh.

  2. Re:Adobe sucks. by WrongSizeGlass · Score: 4, Funny

    Isn't Flash supposedly sandboxed? And, what the hell is Flash doing in a PDF viewing utility?

    Sandboxed? More like litter boxed.

  3. Re:Why two weeks to fix? by Anonymous Coward · Score: 1, Funny

    There's another way to do it, which works right now, and will help protect against any future flash security holes. Type this into a terminal:

    apt-get remove flashplugin-nonfree

  4. Sure, help yourself by Anonymous Coward · Score: 0, Funny

  5. Ironic by Kazymyr · Score: 4, Funny

    Am I the only one who finds it ironic that a web site that warns of a critical bug in the Flash player tries to install the Flash plugin?

    (yes, I don't have Flash installed anywhere and so the linked web page demands to install it)

    --
    I hadn't known there were so many idiots in the world until I started using the Internet -Stanislaw Lem
  6. Re:Why two weeks to fix? by 0123456 · Score: 4, Funny

    They need to come up with a reliable way to fix this, make absolutely sure it actually fixes the problem, and then make sure the patch doesn't cause crashes on any of the OS variants out there. Otherwise the chaos would be worse.

    Indeed: just imagine the riots in the streets if they accidentally broke Farmville. Having millions more PCs in botnets will be much less harmful.

  7. Re:Understand Apple a bit better? by SatanicPuppy · Score: 2, Funny

    Apple does the things it does because Jobs isn't afraid of shit. It's not like other companies don't hate Adobe as well, but only Steve-o would be willing to drop his pants and scream "Suck my diiiiiick!" at Adobe.

    And good on him. I don't think the web as a whole is ready to move off Adobe products, but Apple has a history of driving those sorts of migrations (floppy whats?) and advertisers and websites can't afford to ignore millions of iPhone/iPad owners, who are, by definition, possessed of more money than sense.

    --
    ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
  8. The exploit wouldn't work on the iPhone by Anonymous Coward · Score: 0, Funny

    It is a well-known fact that Apple devices are rendered immune to viruses by the power of Smug. Have you ever seen an Apple with a virus? Apple fanboys sure haven't, and they know it! After all, who needs Norton Antivirus when Smug comes free with every Apple device?

  9. Re:"Square" (10.2.x) plugins vulnerable, too, or n by RocketRabbit · Score: 2, Funny

    Many cultures ritualistically mutilate infants' genitals, as well. That doesn't make it right.