bill-swift - May 10, 2012
It seems like cybercriminals are targeting users of Adobe's Flash Player with their new scam and spam campaigns. For example, some recently-discovered rogue Firefox extensions allowed hackers to hijack browser extensions while posting links to a spam video on Facebook.
Another Flash-based malware that is currently being distributed via email has now been found to attack a vulnerability on the Flash Player. This particular malware seeks out and only attacks users running Internet Explorer for Windows, even though the security hole affects the player on all platforms.
Adobe was quick to act on the matter and has already released a patch for their player, which blocks the malware and protects the machines of IE Windows users.
These updates address an object confusion vulnerability (CVE-2012-0779) that could cause the application to crash and potentially allow an attacker to take control of the affected system.
There are reports that the vulnerability is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious file delivered in an email message. The exploit targets Flash Player on Internet Explorer for Windows only.
Adobe has announced that the security patch is available for Adobe Flash Player 188.8.131.52 and earlier versions for Windows, Macintosh and Linux, Adobe Flash Player 184.108.40.206 and earlier versions for Android 4.x, and Adobe Flash Player 220.127.116.11 and earlier versions for Android 3.x and 2.x.
You can download the Adobe Flash Player patch here.
Article by Hazel Chua
Gigadgetry: Cool Gadgets, Tech News, Quirky Devices