Adobe Discovers Critical Security Flaw in Flash, Won't Release Patch Until Next Week

From DailyTech: Another critical vulnerability in Flash was announced by Adobe this week. The latest in a string of high profile flaws afflicting its PDF and Flash formats, the news adds fuel to the fire of the company's detractors

Among those detractors is Apple CEO Steve Jobs who has spewed vehemence about Adobe over the last year, claiming Flash crashed Macs, was buggy, insecure, and ate up battery life. Adobe and Apple enjoy a rather curious relationship given the fact that Apple users account for a significant portion of the sales of Adobe's lucrative Creative Studio Suite.

While Mr. Jobs' stance on Flash is somewhat extremist, Adobe is certainly taking its sweet time with getting patches to these critical flaws out the door. The latest flaw, which affects Flash, Adobe PDF Reader, and Adobe Acrobat, won't be fixed until next week.

That might be acceptable, except for the fact that malicious users, according to Adobe’s own accounting, are already actively exploiting this vulnerability in the wild.

Hackers/spammers are distributing Excel spreadsheet documents that look innocent, but contain a harmful embedded SWF (Flash) file that exploits the flaw to gain unauthorized access to the victim's system. Adobe says Windows, OS X, and Linux machines alike are all affected by the flaw.

View: Article @ Source Site