Google patches Flash bug before Adobe
Rest of world must wait
Regcast training : Hyper-V 3.0, VM high availability and disaster recovery
Google has already released an update for its Chrome browser that fixes a critical vulnerability in Adobe's Flash Player that's under attack. Users of the animation software on other browsers and operating systems will have to wait until next week for the same patch.
Chrome was able to beat the rest of the pack thanks to ongoing collaboration with Adobe that allows Google advanced access to updated builds of Flash, Adobe spokeswoman Wiebke Lips said. Google is then able to push the update to Chrome users through the browser's automatic update mechanism.
Adobe, by contrast, has to test updates on more than 60 platforms or configurations, a requirement that takes more time to get patched software to the world at large.
The update fixes a critical Flash vulnerability that attackers are using in the wild to install malware on end user machines. The exploits embed a malicious Flash file in a Microsoft Excel document that is emailed to highly targeted individuals, Adobe said. If the document is opened, it compromises some computers.
The unspecified Flash vulnerability affects all versions of Flash, but the exploits target only Flash for Windows. Microsoft said on Thursday that machines running Office 2010 aren't susceptible to attacks because of a security protection known as data execution prevention that's built into the the application suite.
Installing the updated Chrome browser will thwart attacks on older versions of Windows only if it doesn't have a version of Adobe's Flash for Internet Explorer installed and views Flash content only through Chrome's integrated version, Lips said.
Google over the past few months has been pushing the boundaries in promptly patching vulnerabilities identified in Chrome. Last Friday, it issued a new browser version that fixed a vulnerability identified by researchers Vincenzo Iozzo, Ralf Philipp Weinmann and Willem Pinckaers in its underlying Webkit engine identified during the previous day's Pwn2Own hacker competition.
If only the same could be said about Google's Android smartphone OS. ®
COMMENTS
True
Your kind makes people to setup a page with the flash exploit, mask it with url shortener, put link to some xxx looking mail sent to your address and exploit your computer saying "what did you say?" while erasing all data.
Must be glad I am not a black hat.
Flash vulnerability means, it can be run embedded from any web page to infect poor non techie users. Got it? They even put them in Ads!
Here's a brilliant idea for you
Read. Think. Don't post.
* Malware Installed by LiveJournal Ad
http://it.slashdot.org/story/06/06/24/1420251/Malware-Installed-by-LiveJournal-Ad
* Major Ad Networks Found Serving Malicious Ads
https://threatpost.com/en_us/blogs/major-ad-networks-found-serving-malicious-ads-121210
* Google Text Ads For Known Malware Sites
http://tech.slashdot.org/story/08/11/14/1352221/Google-Text-Ads-For-Known-Malware-Sites
* Hackers Use Banner Ads on Major Sites to Hijack Your PC
http://www.wired.com/techbiz/media/news/2007/11/doubleclick
* Malware Rising - Attacks Increasing Through Malicious Online Advertising
http://www.securityweek.com/malware-rising-attacks-increasing-through-malicious-online-advertising
etc.
so...
We must make sure newbies install Google spyware browser (with default settings) and lock themselves and private lives to Google not to be exploited by no-name spyware installed by flash vulnerability.
Funny part is, I haven't heard any spyware that "reads" user private mail and makes sure it is never actually deleted.
If both companies read this comment, here is why the entire planet hates you.
IT infrastructure monitoring strategies
Agentless Backup is Not a Myth
Top 10 SIEM implementer’s checklist
Steps to Take Before Choosing a Business Continuity Partner
Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider
