Less than a week after warning users about a zero-day exploit in its PDF software, Adobe found another zero-day exploit in Flash. Adobe said hackers are already taking advantage of a critical flow in the current version of Flash to attack Windows PCs to “cause a crash and potentially allow an attacker to take control.”
Despite Adobe’s claims that the attacks are “limited” and “targeted” only at Windows users, the flaw is pretty far-reaching. All editions of Flash 9 and 10, including those for Windows, Mac, Linux, Solaris, and Google’s Android mobile operating system, and earlier versions, are affected. It’s also present in Adobe Reader and Acrobat, as well, since both programs include code to run Flash embedded in PDF documents. There are no reports of hackers exploiting the bug in PDF applications at this time, according to the company.
Technical details of the exploit were not disclosed, but a fix is already in the works. The company will release a patch for Flash in two weeks, or the week of Sept. 27; Acrobat and Reader will have to wait an extra week longer, or the week of Oct. 4, for a patch. Instead of waiting for the normal update on Oct. 12, these patches will be pushed out as an “out of band” security update.
Flash and Reader are Adobe’s two most prominent applications and frequently under attack by hackers. There have been three emergency patches for Reader over the past three months. The latest zero-day exploit reported earlier this month involved JavaScript. For users waiting for the patch, Microsoft announced Sept. 10 that Microsoft’s Enhanced Mitigation Experience Toolkit 2.0 offers some protection against ongoing attacks.
Flash was updated via another emergency patch in June to close a zero-day hole.
All this is just enough to make us wonder again if Steve Jobs is onto something with his adamant refusal to allow Flash on the iPhone and iPad.
"The quicker we all let go of this ridiculous platform, the better all our lives will be in the future, I promise you."
hahahaaaa
never mind war, famine, poverty, death etc… it was the flash platform ruining our lives all along how could we have been so blind!
if flash annoys you so much, sell your computer and never go on the internet again… that will really make your life better! you will have some extra cash and probably a lot more sex: win-win baby
scuse my sarcasm, but your post tickled me
It's true, there are alternate reasons, actually the only research you need to do is read Jobs candid open letter to know exactly why he doesn't want Flash.
But you know, to boil it down, Flash is an over-bloated, abstracted piece of crap that only thrived because it was the only option in the past. The only reason it continues to exists today is because of the archaically slow adoption of HTML5 (don't give me a comparison, I saw Adobe themselves, live, showing me how HTML5 makes the vast majority of Flash totally useless) on major websites and for the unexplainable fan base (or nostalgia) for this horrid piece of software.
The quicker we all let go of this ridiculous platform, the better all our lives will be in the future, I promise you, look past the initial discomfort. Everything has a transition phase. Though unfortunately, instead of embracing our first change to ditch this crap with mobile platforms, we've gone ahead and screwed that up by demanding mobile Flash at the top of our lunges…and boy is that working great…oh wait, you tell me they're just going to wait for the specs of mobiles to get so high that they hide how crap their software really is? Same thing that happened on desktops you say? Hmmmm.
"All this is just enough to make us wonder again if Steve Jobs is onto something"
Yes because there are no security exploits in any of apples code that allow jailbreaks by simply visiting a website.
You just asked a question and answered it in your own post? Are you an adobe employee? =)
Adobe just creates crap, especially on the Mac platform. None of their software works okay when you use a case-sensitive file system and hasn't for years. Its just sloppy coding and laziness. I for one wish flash would just die already.
All this makes you wonder if Steve Jobs is on to something? Please. Hackers attack the most common technologies. Apple has been pretty "safe" because they have only had such a small percentage of market share. Not worth hackers time to penetrate.
ALL popular software (Windows, Flash, Reader) will always have hackers attempting to exploit problems. The real test is to see how quickly those problems are resolved. I know I'm only a lowly developer and now a writer like you Fahamid, but you have to realize that absolutely NO software is hacker proof, and if you think there is software that is hacker proof it will show your ignorance.
Steve Jobs insistence to not allow Flash on its phone is for alternative reasons. Do a little research and you'll see what I mean. Maybe write a little about that rather than just being a fanboy without thinking.