Adobe released a security bulletin yesterday outlining a new ‘critical’ security exploit in its Flash Player software. This exploit also affects Adobe Reader and Acrobat software, but it seems they are not being exploited at this time. Every version up to and including the latest Flash Player is affected.
According to Adobe attackers are using a Flash file (.swf) embedded in a Microsoft Excel (.xls) file which is delivered via email. The company is currently working on a fix to plug the security hole in their Flash Player software, and expects to have an update ready for the week beginning March 21st.
From Adobe:
We are in the process of finalizing a fix for the issue and expect to make available an update for Flash Player 10.x and earlier versions for Windows, Macintosh, Linux, Solaris and Android, and an update for Adobe Acrobat X (10.0.1) and earlier 10.x and 9.x versions for Windows and Macintosh, Adobe Reader X (10.0.1) for Macintosh, and Adobe Reader 9.4.2 and earlier 9.x versions during the week of March 21, 2011. Because Adobe Reader X Protected Mode would prevent an exploit of this kind from executing, we are currently planning to address this issue in Adobe Reader X for Windows with the next quarterly security update for Adobe Reader, currently scheduled for June 14, 2011.
Related:
Google warns of IE security flaw
Internet Explorer 9 goes live
Firefox 4 out of beta, first release candidate available
Skype serving up advertisements next week
Google announce Chrome 10.0
Facebook keeping ‘abreast’ of nudity guidlines