Hackers are exploiting an unpatched bug in Flash Player, according to Adobe themselves. The firm has said that the vulnerability could cause a crash and allow a hacker to take control of an affected system.
The CVE-2011-0611 bug is causing problems for Adobe as it is currently being exploited. According to Adobe, the attacks use a Flash file (.swf) embedded in a Microsoft Word document that is delivered as an email attachment, and they target the Windows platform.
This critical vulnerability exists in Flash Player 10.2.153.1 and earlier versions for Windows, Linux, Solaris and Macintosh, and in Flash Player 10.2.156.12 and earlier versions for Android. Versions 10.2.154.25 and earlier for Chrome are also affected. The authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems is also affected.
Adobe have issued a statement saying that they aren’t aware of any attacks via PDF targeting Adobe Reader and Acrobat. Reader X Protected Mode mitigations would stop this kind of exploit from executing in the first place.
Adobe have said they are “in the process of finalizing a schedule for delivering updates”.
KitGuru says: Does this reinforce the point that Steve Jobs made a long time ago about the platform being open to huge security issues?