Slashdot Mirror

← Back to Stories (view on slashdot.org)

Kaspersky Lab Finds Flash Vulnerability Through Microsoft Word (neowin.net)

Posted by BeauHD on from the security-bulletin dept.

An anonymous reader quotes a report from Neowin: Kaspersky Lab, which has been under fire by the U.S. government as possibly being an agent of the Russian government and spying on U.S. computers, has found a previously unknown bug in Adobe Flash that was apparently exploited by a hacker group on October 10. Adobe issued a patch to fix the bug today. According to Kaspersky, "the exploit is delivered through a Microsoft Word document and deploys the FinSpy commercial malware." The company worked with Adobe to get a patch ready as quickly as possible, with Adobe releasing it a few hours ago. Users and agencies running the following versions of Adobe Flash will need to update immediately, as the vulnerability has been labeled as critical. The patch updates all versions of Adobe Flash to version 27.0.0.170.

2 of 50 comments (clear)

  1. And vSphere administrators everywhere.... by tk77 · · Score: 4, Insightful

    all cried out in frustration when the vCenter web client stopped working today due to flash suddenly crashing due to an automatic update.... and then further frustrated by the fact they'd have to manually drop back to the vulnerable 27.0.0.159 to actually administer their servers.

    Screw you Adobe. And screw you VMware for still only having a partially implemented HTML5 interface.

  2. Uninstall Flash. by Gravis+Zero · · Score: 3, Insightful

    If you still have a Flash plugin installed then now is the proper time to uninstall it.

    --
    Anons need not reply. Questions end with a question mark.