'Critical' security issue discovered in Adobe Flash Player software

Mar 15, 2011 10:41 AM

Adobe warns its Flash Player software for smart
phones and computers has a critical security flaw.

Adobe is warning that a "critical vulnerability" has been discovered in its Flash Player software that could cause the computer or smart phone to crash--or worse, allow a hacker to gain control.

The company also warns that there have been reports that this vulnerability is already being exploited by hackers using a malicious Flash file (with an extension of .swf) embedded within a Microsoft Excel (.xls) spreadsheet file.

The affected Flash Player software versions are:

Adobe Flash Player 10.2.152.33 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems
Adobe Flash Player 10.2.154.18 and earlier for Chrome users
Adobe Flash Player 10.1.106.16 and earlier for Android
The Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.1) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems.

The company reports that it is working on a fix to the problem but most likely will not have it ready until sometime next week.

In the meantime, follow safe computer practices--including not downloading any files from unknown or untrusted sources. (And don't blindly trust files sent by friends, because they and their devices might have been hacked or otherwise compromised.)

You can find other online safety tips on Consumer Reports Guide to Online Security.

--Paul Eng

Security Advisory for Adobe Flash Player, Adobe Reader and Acrobat [Adobe]
Adobe Product Security Incident Response Team Blog [Adobe]
Adobe finds 'critical' security hole in Flash Player, won't fix it before next week [Engadget]