Feeds

Google patches Flash bug before Adobe

Rest of world must wait

Internet Security Threat Report 2014

Google has already released an update for its Chrome browser that fixes a critical vulnerability in Adobe's Flash Player that's under attack. Users of the animation software on other browsers and operating systems will have to wait until next week for the same patch.

Chrome was able to beat the rest of the pack thanks to ongoing collaboration with Adobe that allows Google advanced access to updated builds of Flash, Adobe spokeswoman Wiebke Lips said. Google is then able to push the update to Chrome users through the browser's automatic update mechanism.

Adobe, by contrast, has to test updates on more than 60 platforms or configurations, a requirement that takes more time to get patched software to the world at large.

The update fixes a critical Flash vulnerability that attackers are using in the wild to install malware on end user machines. The exploits embed a malicious Flash file in a Microsoft Excel document that is emailed to highly targeted individuals, Adobe said. If the document is opened, it compromises some computers.

The unspecified Flash vulnerability affects all versions of Flash, but the exploits target only Flash for Windows. Microsoft said on Thursday that machines running Office 2010 aren't susceptible to attacks because of a security protection known as data execution prevention that's built into the the application suite.

Installing the updated Chrome browser will thwart attacks on older versions of Windows only if it doesn't have a version of Adobe's Flash for Internet Explorer installed and views Flash content only through Chrome's integrated version, Lips said.

Google over the past few months has been pushing the boundaries in promptly patching vulnerabilities identified in Chrome. Last Friday, it issued a new browser version that fixed a vulnerability identified by researchers Vincenzo Iozzo, Ralf Philipp Weinmann and Willem Pinckaers in its underlying Webkit engine identified during the previous day's Pwn2Own hacker competition.

If only the same could be said about Google's Android smartphone OS. ®

Intelligent flash storage arrays

More from The Register

next story
Knock Knock tool makes a joke of Mac AV
Yes, we know Macs 'don't get viruses', but when they do this code'll spot 'em
Feds seek potential 'second Snowden' gov doc leaker – report
Hang on, Ed wasn't here when we compiled THIS document
Shellshock over SMTP attacks mean you can now ignore your email
'But boss, the Internet Storm Centre says it's dangerous for me to reply to you'
Why weasel words might not work for Whisper
CEO suspends editor but privacy questions remain
DEATH by PowerPoint: Microsoft warns of 0-day attack hidden in slides
Might put out patch in update, might chuck it out sooner
BlackEnergy crimeware coursing through US control systems
US CERT says three flavours of control kit are under attack
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The hidden costs of self-signed SSL certificates
Exploring the true TCO for self-signed SSL certificates, including a side-by-side comparison of a self-signed architecture versus working with a third-party SSL vendor.