Feeds

Adobe patches critical Flash Player vuln under attack

One down, one to go

Top 5 reasons to deploy VMware with Tegile

Adobe Systems has patched a critical vulnerability in its ubiquitous Flash Player that has been under active attack for at least a week.

The company on Monday issued an update for Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, and Solaris, and Adobe Flash Player 10.1.92.10 for Android handsets. Adobe has disclosed few details about the threat other than to say it allows attackers to take complete control of computers running the application and that there are reports that it is being “actively exploited in the wild against Adobe Flash Player on Windows.”

The vulnerability also affects fully patched installations of Adobe Reader and earlier versions, for Windows, Macintosh, and Unix, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh. Adobe has no reports the vulnerability in those programs is being exploited.

Monday's patch closes one of two known zero-day vulnerabilities being used to attack Adobe users. As previously reported, a highly sophisticated attack spreading by email attempts to install malware on Windows machines by tricking recipients into opening a booby-trapped PDF file. The underlying stack overflow vulnerability affects non-Windows versions of Reader as well.

Adobe has said a patch for that bug will be released the week of October 4.

As usual, Windows-based Flash users who surf the web with Firefox or another browser other than Internet Explorer will have to install the patch at least twice to be fully protected. Users are reminded to uncheck the box hawking free software such as McAfee Security Scan when updating. ®

Internet Security Threat Report 2014

More from The Register

next story
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
USB coding anarchy: Consider all sticks licked
Thumb drive design ruled by almighty buck
Attack reveals 81 percent of Tor users but admins call for calm
Cisco Netflow a handy tool for cheapskate attackers
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
Oi, Europe! Tell US feds to GTFO of our servers, say Microsoft and pals
By writing a really angry letter about how it's harming our cloud business, ta
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Internet Security Threat Report 2014
An overview and analysis of the year in global threat activity: identify, analyze, and provide commentary on emerging trends in the dynamic threat landscape.
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.