April 14, 2011, 10:47AM
Adobe to Patch Flash Zero Day on Windows, Mac on Friday
3 Comments
Adobe is planning to patch the recently disclosed Flash Player vulnerability on Friday for users on Windows, Mac OS X and Linux. The vulnerability is being used in targeted attacks right now that use malicious Word documents.
Adobe said on Wednesday night that it plans to push out the Flash Player patch for Google Chrome today, as part of the Chrome release channel. A separate patch for Adobe Acrobat X for Windows and Mac, Reader X for Mac and Reader 9.x for Windows and Mac on April 25.
The company is planning to wait until June to release a patch for the Flash Player bug in Reader X for Windows because the sandbox in that application prevents exploitation of the vulnerability. The patch for Chrome will be available earlier than the others thanks to Adobe's relationship with Google.
Editor's Pick
"During our response to any zero-day vulnerability, Adobe seeks to protect as many users as quickly as possible. As part of our collaboration with Google, Google receives updated builds of Flash Player for integration and testing. Once testing is completed for Google Chrome, the release is pushed via the Chrome auto-update mechanism. Adobe is testing the fix across all supported configurations of Windows, Macintosh, Linux, Solaris and Android (more than 60 platforms/configurations altogether) to ensure the fix works across all supported configurations. Typically, this process takes slightly longer and, in this case, is expected to complete on April 15 for Flash Player for Windows, Macintosh, Linux and Solaris," the company said in a statement.
When they disclosed the vulnerability earlier this week, Adobe officials warned customers that the vulnerability was already being used in targeted attacks that were leveraging malicious Flash files embedded in Microsoft Word documents. Microsoft security engineers analyzed the attacks and found that the attackers are using a complex exploit routine to build shellcode and then inject the exploit code into the Flash Player.
Commenting on this Article is closed.
Today's Most Popular
- Dear Jailbreaker, Apple Wants to Have a Word with You
- Defense Contractor Northrop Grumman Hiring For Offensive Cyber Ops
- White House Security Czar Howard Schmidt Retiring
- OPINION: Are Anonymous Members Forged in the Crucible of IT Compliance?
- New P2P Zeus Variant Targets Popular Sites with Bogus Offers
Most Commented Stories
Newsletter Sign-up
Take Our Poll
The Internet Crime Complaint Center recently warned of malware targeting travelers connecting to Wi-Fi. When traveling, do you
Connect to anything
22%
Only connect to password-protected, secure connections
38%
Only use websites with HTTPS
27%
I don’t pay attention to how I access the internet while traveling
13%
Total votes: 60
Follow Threatpost
 |  |  |  |
| Tumblr |
Comments
believe you meant to say April 15 not 25th in the first paragraph...
No, the Flash Player patch for Windows and mac is due on April 15, but the patch for Reader on some platforms is coming out the week of April 25.
http://blogs.adobe.com/psirt/2011/04/update-on-security-advisory-for-adobe-flash-player-adobe-reader-and-acrobat-apsa11-02.html
I'm still waiting on that patch... getting pretty close to close of business on the east coast!