Skip to main content

Adobe Flash Player has ‘critical’ security issue, won’t be addressed until next week

If you use Adobe’s Flash Player at all, tread cautiously. The company released a security advisory late yesterday revealing that a “critical vulnerability” was found in pretty much all versions of the multimedia platform as well as in Adobe Acrobat and Adobe Reader.

Affected versions include: “Adobe Flash Player 10.2.152.33 and earlier versions (Adobe Flash Player 10.2.154.18 and earlier for Chrome users) for Windows, Macintosh, Linux and Solaris operating systems, Adobe Flash Player 10.1.106.16 and earlier versions for Android, and the Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.1) and earlier 10.x and 9.x versions of Reader and Acrobat for Windows and Macintosh operating systems.”

The vulnerability could result in a crash or potentially be exploited by a hacker to “take control of the affected system.” Worse, there are reports already that this security hole is being exploited via a Flash file (.swf) embedded in a Microsoft Excel (.xls) spreadsheet that arrives as an e-mail attachment. So for the two of you who happily download everything that comes into your mailbox, even if you don’t recognize the sender… stop. It appears that there are no similar exploits out there for Reader or Acrobat yet; Adobe notes that the Protected Mode in Reader X “would prevent an exploit of this kind from executing.”

Work on a fix is underway. Those versions of software with critical flaws — which is everything other than Reader X, since running in Protected Mode will keep you safe — are getting the most attention. Adobe expects a fix to go live “during the week of March 21, 2011.” Reader X for Windows will be addressed as well, but not until the applications quarterly security update, which is currently set for release on June 14.

Unfortunately, the question at the start of this post is a rhetorical one. If you’re on the Internet in any way, then you use Flash. Unless you’re using an Apple iDevice, of course. Somewhere in Cupertino, Steve Jobs is snickering.

Editors' Recommendations

Topics
Adam Rosenberg
Former Digital Trends Contributor
Previously, Adam worked in the games press as a freelance writer and critic for a range of outlets, including Digital Trends…
Flash: Adobe issues emergency update after ransomware attacks
adobe flash logo

Check your Web browser is running the latest version of Flash. And do it now.

Adobe has issued a global alert to computer users around the world warning of a serious security flaw that leaves machines open to ransomware attacks. The company is urging all users to update to the most recent version of the software, which it rolled out Thursday, as soon as possible.

Read more
Adobe issues emergency patch for yet another Flash exploit
A hacker inputting code into a system.

Have you updated Flash recently? Even if you have, you might want to make sure you’re up to date, as yesterday Adobe issued an emergency patch addressing several critical vulnerabilities that the company says “could potentially allow an attacker to take control of the affected system.”

The vulnerabilities affect those using the plugin in Windows, Mac, and Linux, including those versions provided in browsers like Chrome. And at least one of these bugs is currently known to those who walk on the darker side of the Web, with Adobe saying that the patch fixes an exploit that is being used in “limited, targeted attacks.”

Read more
Microsoft’s Edge browser won’t support extensions until next year
microsoft edge

The release of Windows 10  brought the end of Internet Explorer and the introduction of an all-new web browser called Edge, which is the new default choice. Developing a new browser from the ground up means a lot of features found in IE11 are no longer supported, and extension support was one of the most notable extra to get the axe.

That's only a temporary situation, as extension support is being built for Edge, but it looks like fans of the new browser are going to have to wait a bit longer. According to a statement issued to The Verge, extensions are planned for an ambiguous launch window of 2016. Microsoft said earlier this year that they'd be available sometime in late 2015.

Read more