Adobe warns of a critical 'Zero-Day' Flash vulnerability
Adobe explains that the virus comes from an SWF (Flash) file, embedded within a Microsoft Excel email file attachment. When the malicious Flash file is opened, it causes a system crash, and then turns control of your device over to the perpetrators. Furthermore, Adobe indicates that the flaw is more than a mere vulnerability, but that it is being "targeted in attacks."
So is this vindication for Apple's exclusion of the Adobe Flash software on iOS? We don't think so. But we like to imagine that Steve Jobs is sending an email blast that simply says, "I told you so."
The following software versions are affected (i.e. everything):
- Adobe Flash Player 10.2.152.33 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems
- Adobe Flash Player 10.2.154.18 and earlier for Chrome users
- Adobe Flash Player 10.1.106.16 and earlier for Android
- The Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.1) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems.
Adobe says that they have yet to hear of Acrobat and Reader being affected by the vulnerability. They are in the process of developing a fix, but don't anticipate a final solution until the week of March 21st. And this isn't surprising, considering how many platforms are in need of the patch.
source: Adobe via Yahoo! News