Adobe has revealed details of a critical vulnerability (CVE-2011-0611) in its Flash Player that is being actively exploited. This is another security blow for Adobe, given the recent revelation that hackers managed to breach security at RSA using a flaw in Flash. The current exploit, which targets Windows, uses a Flash (.swf) file embedded in a Microsoft Word (.doc) file delivered as an email attachment.
According to Adobe, the critical vulnerability exists in Flash Player 10.2.153.1 (10.2.154.25 for Chrome users) and earlier versions for Windows, Macintosh, Linux and Solaris. Adobe Flash Player 10.2.156.12 and earlier versions for Android are also affected.
Adobe is working on an update to Flash Player 10.2.x and earlier versions for Windows, Macintosh, Linux, Solaris and Android.
AFFECTED SOFTWARE VERSIONS
- Adobe Flash Player 10.2.153.1 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems
- Adobe Flash Player 10.2.154.25 and earlier for Chrome users
- Adobe Flash Player 10.2.156.12 and earlier for Android
- The Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems
NOTE: Adobe Reader 9.x for UNIX, Adobe Reader for Android, and Adobe Reader and Acrobat 8.x are not affected by this issue.
Do you think Adobe Flash has become a liability, especially for corporations?