Adobe has admitted to vulnerabilities in Flash after hackers exploited them. The attackers were able to exploit zero-day vulnerabilities by using a rigged Microsoft Excel file with an embedded Flash file to gain access to computers.
Adobe released a statement that the Flash Player vulnerability is present on Windows, Mac OS X, Linux, Solaris and Chrome. The bug also exists in authplay.dll of Adobe Reader and Acrobat X. The company has warned that the exploit was delivered as a Microsoft Excel (.xls) email attachment with an embedded Flash (.swf) file.
The vulnerability can cause a crash and allows the hacker to take over the compromised system. Reports state that the vulnerability “is being exploited in the wild in targeted attacks via a Flash (.swf) file embedded in a Microsoft Excel (.xls) file delivered as an email attachment”. Adobe is not aware of attacks intended for Adobe Reader and Acrobat. Adobe Reader X Protected Mode mitigations avoid such issues by preventing such exploits from executing.
Adobe is currently working on a patch for the vulnerability. The company plans to ship bug fixes for Flash Player 10.x and older versions for Windows, Mac, Linux, Solaris and Android on the 21st of March. Because sandbox protection in the Windows version of Adobe Reader X allows the software to avoid the attack, Adobe is not planning to update that software until the scheduled update on June 14.
A brand new version of Adobe Reader is also to be released on the same date.
Although this exploit is delivered through an email attachment, we can never be sure that a hacker will not take over a website and load the Flash file there, leading to more chaos in Adobe’s backyard. This gives Apple’s stance of not including Flash on its mobile devices some legitimate merit.
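As an added example (not from Adobe or the original article), here is a mail-gateway style triage check for the delivery method described above: it flags an OLE2 container such as an .xls file whose raw bytes contain a plausible SWF header. The function names, the version bound of 50 and the sample bytes are assumptions made for this sketch, and a raw byte scan will miss an embedded object that is encoded or whose header is split across sectors.

```python
import struct
import zlib

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # OLE2 compound file header (.xls, .doc)
SWF_SIGS = (b"FWS", b"CWS")                    # uncompressed and zlib-compressed SWF

def find_embedded_swf(data: bytes):
    """Return [(offset, signature, version, declared_length)] for plausible SWF headers."""
    hits = []
    for sig in SWF_SIGS:
        pos = data.find(sig)
        while pos != -1:
            header = data[pos:pos + 8]
            if len(header) == 8:
                version, length = header[3], struct.unpack("<I", header[4:])[0]
                if _plausible(data, pos, sig, version, length):
                    hits.append((pos, sig.decode(), version, length))
            pos = data.find(sig, pos + 1)
    return sorted(hits)

def _plausible(data, pos, sig, version, length):
    # Three ASCII letters occur by chance, so the header fields must be sane too.
    if not 1 <= version <= 50 or length < 9:   # version bound is a heuristic assumption
        return False
    if sig == b"FWS":
        return length <= len(data) - pos       # FileLength covers the whole SWF, header included
    body = data[pos + 8:pos + 72]
    if len(body) < 2:
        return False
    try:
        zlib.decompressobj().decompress(body)  # CWS body must begin a valid zlib stream
    except zlib.error:
        return False
    return True

def triage_attachment(data: bytes) -> dict:
    """Flag an OLE2 attachment that carries at least one plausible embedded SWF."""
    is_ole = data.startswith(OLE_MAGIC)
    swf = find_embedded_swf(data)
    return {"ole_container": is_ole, "swf_hits": swf, "flag": is_ole and bool(swf)}

if __name__ == "__main__":
    # Constructed sample: fake OLE header, a text decoy, then a minimal SWF header and body.
    swf = b"FWS" + bytes([10]) + struct.pack("<I", 28) + b"\x00" * 20
    sample = OLE_MAGIC + b"\x00" * 504 + b"FWS report 2011" + swf
    print(triage_attachment(sample))
```

A hit is a reason to quarantine the attachment for analysis, not proof of an exploit, since legitimate spreadsheets can also embed Flash objects.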