Adobe Flash Player Alert: Zero-Day Critical Vulnerability

If you use Adobe Flash Player (and let’s face it most of us do), you should check out this next piece of news as Adobe has issued a security advisory about a critical vulnerability that has been found in Flash Player.

This could lead to system crashes or even complete loss of control over your system and system hijacks if exploited. The security bulletin says this flaw affects all platforms so that’s users of Flash Player for Mac OS X, Linus, Solaris and also Android. The authplay.dll component of Adobe Acrobat and Adobe Reader X is also affected according to Tony Bradley of PC World.

Adobe also informs that the exploit is active “in the wild” and uses a malicious Flash file (SWF) implanted in an Excel e-mail attachment. Unfortunately although Adobe is currently working on a fix for this critical flaw, it won’t be available for about a week and this will cause a lot of concern in the meantime. We can’t help thinking that Apple might be jumping up and down with glee as this would seem to infer that it made the right decision in refusing to support Adobe Flash Player on iOS devices, such a the iPhone and iPad.

Fahmida Y. Rashid over on eWeek also reports on this zero-day bug and notes that the Excel file attachment is an Excel spreadsheet and queries just why a spreadsheet needs Flash support in the first place. Kapersky Lab’s senior malware researcher, Roel Schouwenberg, said “I don’t really see the point of embedded SWFs inside Excel documents,” adding that this was a typical case of “too much functionality.” We’ll bring you more about the fix as soon as we hear more. What are your thoughts on this critical vulnerability? Let us know with your comments.