ARN

Hackers exploiting Flash Player zero-day bug

Details skimpy, but in-the-wild attacks taking place, say researchers

Attackers are exploiting an unpatched bug in Adobe System's popular Flash Player, security researchers warned Tuesday.

The bug, which is in the most up-to-date version of Flash, was reported by researchers at the SAN Institute's Internet Storm Center and by others from Symantec.

"Adobe Flash Player is prone to an unspecified remote code-execution vulnerability," Symantec said in a warning posted to its SecurityFocus site. "An attacker may exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

"Symantec has observed that this issue is being actively exploited in the wild," the company added.

The last serious Flash vulnerability fixed by Adobe was patched last month. That bug was used in late March by a hacker to take down a laptop running Windows Vista and claim a US$5,000 prize in a contest sponsored by 3Com's TippingPoint security company.

According to Symantec, Flash Player 9.0.124.0 -- the version currently available for download from the Adobe site -- is vulnerable to attack. Flash is used by a huge number of Web sites, including YouTube, to display multimedia content.

Adobe officials were not immediately available for comment.

Come socialise with us! Facebook | LinkedIn

More about: 3Com, 3Com, Adobe, SecurityFocus, Symantec, TippingPoint, TippingPoint
References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the ARN comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Whitepapers
Latest Stories
Community Comments
ARN Directory | Distributors relevant to this article
Annuity Systems , Anyware Computer Accessories , Aquion , ASI Solutions , Dicker Data , Distribution Central , Express Data , Express Online , Firewall Systems , Impact Systems Technology , Ingram Micro Australia , Lynx Technologies , Scholastic , Topstar Computer International , Xpress I.T.
ARN Directory | Vendors relevant to this article
Symantec
rhs_login_lockGet exclusive access to ARN's news, research and invitation only events.
ARN Distributor Directory
Find distributors by name | vendor | location
Channel Deals
/deals/aca-pacific/418_free-tdk-headphones-with-every-100-lto-cartrid
ACA Pacific

Free TDK Headphones With Every 100 Imation or TDK LTO Cartridges Purchased.

More details »
ARN Vendor Directory
Find vendors by name | category

iAsset is a channel management ecosystem that automates all major aspects of the entire sales,marketing and service process, including data tracking, integrated learning, knowledge management and product lifecycle management.