Adobe Warns of Critical Flash Bug, Already Being Exploited

Trailrunner7 writes "On the same day that it plans to release a patch for a critical flaw in Shockwave, Adobe confirmed on Thursday morning that there is a newly discovered bug in Flash that is being actively exploited already in attacks against Reader. The vulnerability affects Flash on all of the relevant platforms, including Android, as well as Reader on Windows and Mac, and won't be patched for nearly two weeks. The new Flash bug came to light early Thursday when a researcher posted information about the problem, as well as a Trojan that is exploiting it and dropping a pair of malicious files on vulnerable PCs. Researcher Mila Parkour tested the bug and posted a screenshot of the malicious files that a Trojan exploiting the vulnerability drops during its infection routine. Adobe has since confirmed the vulnerability and said that it is aware of the attacks against Reader."

Re:Why two weeks to fix?

[bit01]

They need to come up with a reliable way to fix this, make absolutely sure it actually fixes the problem, and then make sure the patch doesn't cause crashes on any of the OS variants out there.

All of which would take less than 24 hours if they actually gave a shit. The shills will say otherwise but they're lying as usual.

---

There is no such thing as selling DRM'ed hardware/software. Everything DRM'ed is actually rented.

Re:OS makers not helping much either

[__int64]

Sand-boxing is one approach, indeed their are many. However the first question which should perhaps be asked is, should any non-executable file be allowed to 'execute' in even the most broadest sense.