Adobe Flash exploit to be patched next week2011.03.16 09:51 by Daniela
Keywords: Adobe, Flash Player, security
Adobe has issued a warning that a critical vulnerability has been detected in its Flash player.
The vulnerability is exploited via a corrupt Flash file packaged inside a Microsoft Excel file. Apparently the XLS file sets up the system memory to make the attack more effective, and with success it installs persistent malware on the target machine.
The problem also affects Adobe Reader and Acrobat as well as Flash, and patches are planned to be released next Monday for Acrobat and Flash.
However, Adobe isn't going to push out a fix for Adobe Reader X until the next quarterly security update for the application, which happens to be June 14th.
The reason for the lengthy delay in Reader's case is down to several factors. The attacks using this exploit are currently "limited" in scope, Adobe claims, and are of course currently using XLS not PDF as a vehicle.
Read more -here-