Adobe Patches Flash Zero-Day: Deja vu All Over Again - Part 2

A mere four days after announcing a new zero-day vulnerability being exploited in Flash, Adobe has released an updated version to patch the flaw. The rapid turnaround is commendable, but hopefully Adobe isn't sacrificing quality for expedience.

Adobe unveiled last Monday that a zero-day vulnerability had been discovered in Adobe Flash, as well as in the authplay.dll element that is used in Adobe Acrobat and Reader. The flaw was reportedly being exploited in the wild in targeted attacks using a malicious Web page or Flash (SWF) file embedded within a Microsoft Word (DOC) or Excel (XLS) file attachment.

Get the latest version of Adobe Flash to make sure you aren't vulnerable to the zero-day exploit
The concerning thing about the latest zero-day revelation, though, is how identical it is to the Flash zero-day that Adobe just announced and raced to patch a month prior. I don't know for sure if the two are related, but at face value it seems to me that maybe Adobe was too quick to patch a specific vector of the vulnerability, but missed the underlying root flaw, and attackers quickly re-engineered the attack to circumvent the Adobe patch.

Adobe recommends that users of Adobe Flash or earlier for Windows, Mac OS X, Linux, and Solaris upgrade to Adobe Flash Player Users of Adobe AIR 2.6.19120 and earlier versions for Windows, Mac OS X, and Linux should make the switch to AIR 2.6.19140.

Google Chrome has Flash integrated into the browser, and users should upgrade to Chrome version 10.0.648.205 to get the patched version of Flash. Adobe does not intend to release an update for Flash for Android until the week of April25.

Also expected no later than the week of April 25 are updates for affected versions of Adobe Reader and Adobe Acrobat. However, as with the previous zero-day patch, Adobe does not intend to produce an update for Adobe Reader X for Windows until the next scheduled quarterly update in June. The Protected Mode sandbox security in Reader X for Windows will prevent any exploit from executing.

Shop ▾
arrow up Amazon Shop buttons are programmatically attached to all reviews, regardless of products' final review scores. Our parent company, IDG, receives advertisement revenue for shopping activity generated by the links. Because the buttons are attached programmatically, they should not be interpreted as editorial endorsements.

Subscribe to the Daily Downloads Newsletter