Less than a week after fielding reports that hackers were targeting a bug in its Flash Player software, Adobe Systems has rushed out a fix for the problem.
Adobe’s new 10.1 Flash update, released Thursday, fixed a bug that was first spotted via a small number of targeted attacks late last week.
According to Symantec, these Flash attacks are still not widespread, but users should update their Flash software as soon as possible. “We have been seeing a small but steady rise in detections of related malicious PDFs and we expect to continue to see these numbers increase over the coming hours and days,” the security vendor said in a statement.
Criminals have been exploiting the flaw using malicious Flash swf files, which are typically opened by the Web browser’s Flash Player plugin, or via PDFs that have maliciously encoded Flash components embedded inside them, Adobe said Thursday. Those malicious PDFs are typically opened by Reader or Acrobat, which include their own versions of Flash Player that have not yet been patched. That fix is due June 29.
Thursday’s update includes an unusually large number of security bug-fixes, 32 in all. “It’s a huge number of bugs fixed, something along the lines of what we’d expect of Apple,” said Andrew Storms, director of security operations with nCircle Network Security.
Adobe’s Flash and Reader software have emerged as prime hacking targets in the past year, and the company is toying with the idea of releasing more frequent security updates to keep pace.