Adobe Patches Flash Zero-Day: Deja vu All Over Again - Part 2

Today's Best Tech Deals

Picked by PCWorld's Editors

Top Deals On Great Products

Picked by Techconnect's Editors

A mere four days after announcing a new zero-day vulnerability being exploited in Flash, Adobe has released an updated version to patch the flaw. The rapid turnaround is commendable, but hopefully Adobe isn't sacrificing quality for expedience.

Adobe unveiled last Monday that a zero-day vulnerability had been discovered in Adobe Flash, as well as in the authplay.dll element that is used in Adobe Acrobat and Reader. The flaw was reportedly being exploited in the wild in targeted attacks using a malicious Web page or Flash (SWF) file embedded within a Microsoft Word (DOC) or Excel (XLS) file attachment.

Get the latest version of Adobe Flash to make sure you aren't vulnerable to the zero-day exploit
The concerning thing about the latest zero-day revelation, though, is how identical it is to the Flash zero-day that Adobe just announced and raced to patch a month prior. I don't know for sure if the two are related, but at face value it seems to me that maybe Adobe was too quick to patch a specific vector of the vulnerability, but missed the underlying root flaw, and attackers quickly re-engineered the attack to circumvent the Adobe patch.

Adobe recommends that users of Adobe Flash or earlier for Windows, Mac OS X, Linux, and Solaris upgrade to Adobe Flash Player Users of Adobe AIR 2.6.19120 and earlier versions for Windows, Mac OS X, and Linux should make the switch to AIR 2.6.19140.

Google Chrome has Flash integrated into the browser, and users should upgrade to Chrome version 10.0.648.205 to get the patched version of Flash. Adobe does not intend to release an update for Flash for Android until the week of April25.

Also expected no later than the week of April 25 are updates for affected versions of Adobe Reader and Adobe Acrobat. However, as with the previous zero-day patch, Adobe does not intend to produce an update for Adobe Reader X for Windows until the next scheduled quarterly update in June. The Protected Mode sandbox security in Reader X for Windows will prevent any exploit from executing.

Note: When you purchase something after clicking links in our articles, we may earn a small commission. Read our affiliate link policy for more details.
Shop Tech Products at Amazon