Adobe patches Flash Player vulnerability being actively targeted

Security researchers have detected attacks targeting users of Internet Explorer with a Flash file embedded in a Microsoft Word document.

Adobe Systems Inc. plugged a dangerous Flash Player vulnerability and corrected 20 flaws in its Adobe Reader and Acrobat software, issuing critical security updates for the widely used software.

Attackers are actively targeting the Flash Player vulnerability, Adobe warned. Researchers have detected an attack using a malicious .SWF file embedded in a Microsoft Word document. If a victim opens the document, it could cause the application to crash and potentially allow an attacker to take control of the affected system, Adobe said. The security update affects Adobe Flash Player 11.3.300.270 and earlier versions running on Windows, Macintosh and Linux.

"The exploit targets the ActiveX version of Flash Player for Internet Explorer on Windows," Adobe said.

Adobe is urging Windows users of Acrobat and Reader 9.5.2 to apply the security update, because exploits for attackers to target the flaws were likely. The update corrects a variety of Acrobat and Reader coding errors that could lead to memory corruption and heap and buffer overflow conditions. The security update also applies to users of Adobe Reader X and Acrobat X running on Mac and Windows.

In addition, Adobe issued an update correcting five vulnerabilities in Shockwave Player. The update affects version 11.6.5.635 and earlier. The flaws "could allow an attacker who successfully exploits these vulnerabilities to run malicious code on the affected system," Adobe said.

Dig deeper on Web Application Security

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close