Google today preempted Adobe by fixing a “critical” security issue with Adobe’s Flash Player. Google’s fix, however, only covers its Chrome Web browser. Users of other browsers will likely have to wait for Adobe to release an official patch, which is planned for release sometime this week.
The “zero-day” bug was first brought to attention of the public last week after infected .swf files (Flash’s extension) — which were embedded in Excel documents (.xls) — began appearing in email inboxes. Opening the compromised file could cause a system to crash or, at the very worst, could result in a hacker “[taking] control of the affected system.”
Microsoft has said that user’s of Office 2010 are not vulnerable through a security system included in the software suite. Users of older versions of Windows who are running Chrome will only be safe if they do not have Flash for Internet Explorer installed and only stick to using Flash through Chrome. Mac users may be safe for the moment, but it’s suspected that vulnerability could be adjusted to exploit Apple products. If you’re a non-Chrome user, you’re best bet would be to remove Flash until Adobe releases the patch. If you are a Chrome user, be sure to update.
Google’s owes its speediness in releasing the Chrome fix in part to its close relationship with Adobe. Through an agreement, Google is granted access to early builds of Flash before they’re released to the public. That gives the company a head-start on testing — something it takes very seriously when it comes to the security of its Chrome browser.
While Google only had to worry about testing the fix for Chrome, Adobe will have to test its patch on around 60 system configurations before its ready for release.