Adobe Flash – The Gift That Keeps On Giving

UPDATE:  As expected, Adobe did release a second patch emergency patch for this bug and expects it to be available for download this week.  Adobe has said that there are reports of vulnerability being “actively exploited”.

You can check what version of Flash you are running by going to this link at Adobe.com .

Adobe Flash – the software that Steve Jobs hated so much that he wouldn’t allow it on mobile i-devices and said, about Flash, that it had abysmal security – has another exploit in the wild.  The reason for Jobs’ hatred of Flash is controversial (see here) and maybe due to the fact that he could not control Adobe and there are many free Flash based games that aren’t sold (since they are free) by Apple.

That being said, there is another zero day exploit (see here) for which there is a “kit” available to use the exploit.

Right now, the target seems to be Windows and Internet Explorer (yet another reason not to use IE), but the bug also exists in the Mac and Linux version of Flash. Windows Chrome and Firefox users are safer, but should update anyway.

Worse yet, the patch that Adobe released may not fix the problem – or the problem may really be two problems.  In any case, get ready for a second patch soon.

The fact that there is an exploit kit that hackers can use without having to develop it, means it will show up sooner in a hacked web site near you.

The new version of Flash is available at get.adobe.com/flashplayer.

Mitch

by