Posted on Wednesday, September 15 2010 @ 7:20 CEST by Thomas De Maesschalck
DigitalTrends
reports another zero-day exploit is out in the wild for Adobe Flash. A patch is expected to be released within two weeks, and a patch for a zero-day exploit in the company's PDF software that was discovered last week is expected to be released about three weeks from now.
Despite Adobe’s claims that the attacks are “limited” and “targeted” only at Windows users, the flaw is pretty far-reaching. All editions of Flash 9 and 10, including those for Windows, Mac, Linux, Solaris, and Google’s Android mobile operating system, and earlier versions, are affected. It’s also present in Adobe Reader and Acrobat, as well, since both programs include code to run Flash embedded in PDF documents. There are no reports of hackers exploiting the bug in PDF applications at this time, according to the company.
Technical details of the exploit were not disclosed, but a fix is already in the works. The company will release a patch for Flash in two weeks, or the week of Sept. 27; Acrobat and Reader will have to wait an extra week longer, or the week of Oct. 4, for a patch. Instead of waiting for the normal update on Oct. 12, these patches will be pushed out as an “out of band” security update.
