Skip to main content
  1. Home
  2. Computing
  3. News

Adobe Flash under fire with another zero-day exploit

Fahmida Y. Rashid
By

Less than a week after warning users about a zero-day exploit in its PDF software, Adobe found another zero-day exploit in Flash. Adobe said hackers are already taking advantage of a critical flow in the current version of Flash to attack Windows PCs to “cause a crash and potentially allow an attacker to take control.”

Despite Adobe’s claims that the attacks are “limited” and “targeted” only at Windows users, the flaw is pretty far-reaching. All editions of Flash 9 and 10, including those for Windows, Mac, Linux, Solaris, and Google’s Android mobile operating system, and earlier versions, are affected. It’s also present in Adobe Reader and Acrobat, as well, since both programs include code to run Flash embedded in PDF documents. There are no reports of hackers exploiting the bug in PDF applications at this time, according to the company.

Recommended Videos

Technical details of the exploit were not disclosed, but a fix is already in the works. The company will release a patch for Flash in two weeks, or the week of Sept. 27; Acrobat and Reader will have to wait an extra week longer, or the week of Oct. 4, for a patch. Instead of waiting for the normal update on Oct. 12, these patches will be pushed out as an “out of band” security update.

Related

Flash and Reader are Adobe’s two most prominent applications and frequently under attack by hackers. There have been three emergency patches for Reader over the past three months. The latest zero-day exploit reported earlier this month involved JavaScript. For users waiting for the patch, Microsoft announced Sept. 10 that Microsoft’s Enhanced Mitigation Experience Toolkit 2.0 offers some protection against ongoing attacks.

Flash was updated via another emergency patch in June to close a zero-day hole.

All this is just enough to make us wonder again if Steve Jobs is onto something with his adamant refusal to allow Flash on the iPhone and iPad.

Editors' Recommendations

Topics
Fahmida Y. Rashid
Fahmida Y. Rashid
Former Digital Trends Contributor
Adobe Acrobat and Reader under attack with a zero-day exploit
adobe acrobat and reader under attack with a zero day exploit

Adobe identified a critical vulnerability in Adobe Acrobat and Reader on Tuesday, but said today that attackers were already exploiting this bug. All versions of Acrobat and Reader 8 and 9 for Windows, Macintosh, and Unix are open to attack. Even the latest versions, 8.2.4 and 9.3.4 are not safe. Other PDF reading alternatives, such as Foxit Reader, are not affected.

Masquerading as a harmless PDF file, this exploit has malformed font and image files. Spreading as an e-mail attachment to innocent-sounding emails, the PDF saves and runs an executable file to disk when it’s opened. A variation of the email offers tips on ways to improve your golf game. Security firm Trend Micro spotted a variation with a Trojan, TROJ_PIDIEF.WM, that downloaded two other Trojans called TROJ_DLOADR.WM and TROJ_CHIFRAX.BU.

Read more
I put the RTX 4060 Ti up against the RX 6700 XT — and there’s a surprising winner
RX 6700 XT graphics card installed in computer.

You generally expect that a new generation of graphics cards will outperform the previous generation, but we're in a precarious spot this time around. Nvidia's recent RTX 4060 Ti hasn't been met with a warm reception, and cheaper last-gen options like the RX 6700 XT have looked increasingly attractive as their prices come down.

I threw both cards on my test bench to see which is the better one to buy, and there's a clear winner. There are some important considerations to keep in mind before picking up either GPU, though.
Where's the value?

Read more
These ingenious ideas could help make AI a little less evil
profile of head on computer chip artificial intelligence

Right now, there’s plenty of hand-wringing over the damage artificial intelligence (AI) can do. To offset that, Firefox maker Mozilla set out to encourage more accountable use of AI with its Responsible AI Challenge, and the recently announced winners of the contest show that the AI-infused future doesn’t have to be all doom and gloom.

The first prize of $50,000 went to Sanative AI, which “provides anti-AI watermarks to protect images and artwork from being used as training data” for the kind of large-language models that power AI tools like ChatGPT. There has been much consternation from photographers and artists over their work being used to train AI without permission, something Sanative AI could help to remedy.

Read more