It was only a month ago that Adobe agreed that its Flash Player was under attack from a group of hackers, and fresh news has come out that the same is happening again as an advisory has been issued by the firm which cites a critical flaw in the application which is being exploited by the hackers in the wild. Unlike the Excel file exploits which took place last month, hackers are now mounting targeted attacks which use Microsoft Word files which have been embedded with Flash files and are then sent as email attachments. These attacks are only hitting the version 10.2 of Adobe Flash Player and earlier on Windows operating systems; however it has been revealed that Linux, Mac, Android and Solaris versions are vulnerable too.
Just as Microsoft discovered, the hackers prefer to target those software which they believe will help them make the biggest profits. Flash and Reader are ideal for them as they are among the most popular software applications in the world. A vulnerability has also been found with the Windows Authplay.dll component that ships with the Adobe Reader and Acrobat X. Fortunately, Adobe has said that the company hasn’t encountered PDF attacks which try to take advantage of this weakness as of yet. These flaws fill be fixed by the 14th of June according to Adobe.
A regular cyclic quarterly patch had been set up by Adobe in 2009 for its Adobe readers as hackers were targeting PDF files very frequently. It looks like the time has come for Adobe to follow the same example for its Flash Player too since a monthly or quarterly cycle for updates will be much more efficient in this regard considering the regularity of the attacks that have been taking place.
