Adobe Patches Flash Player Bug as Hackers Attack IE for Windows - Security - News & Reviews - eWeek.com | eWeek

Adobe Patches Flash Player Bug as Hackers Attack IE for Windows

Verfasst von
Brian Prince
Brian Prince
May 4, 2012
2 minute read
eWeek Inhalte und Produktempfehlungen sind redaktionell unabhängig. Wir können Geld verdienen, wenn Sie auf Links zu unseren Partnern klicken. Mehr erfahren

If successfully exploited, the vulnerability could allow hackers to crash and even take control of an affected system.

According to Adobe, the Microsoft Vulnerability Research (MSVR) program reported the vulnerability on April 25. The patch was pushed out as soon as it was available, a company spokesperson said.

“There are reports that the object confusion vulnerability (CVE-2012-0779) addressed in this update is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious file delivered in an email message,” Wendy Poland, senior program manager on Adobe’s Product Security Incident Response Team, explained in a blog post. “The exploit targets Flash Player on Internet Explorer for Windows only.”

The vulnerability exists in Flash Player versions 11.2.202.233 and earlier for Windows, Macintosh and Linux systems, as well as versions 11.1.115.7 and earlier for Android 4.x and versions 11.1.111.8 and earlier for Android versions 3.x and 2.x. The company said the plan to include a Google Play link for Android users at some point today so that they can get the update for their devices.

“The patch is of highest urgency as there are attacks in the wild against the vulnerability,” said Wolfgang Kandek, CTO of Qualys.

“Users that have opted-in to participate in the newly introduced “silent update” feature (currently only available on Windows), will have the update applied automatically on all browsers present on their system,” he continued. “Users of other operating systems and users that have opted-out of ‘silent update’ need to manually install on all browsers.”

Alex Horan, senior product manager at penetration testing firm CORE Security, said Flash Player makes for a fantastic target for opportunistic attackers.

“For a lot of modern and exciting Websites you need Flash to view their content, see their videos, etc., so the first time a user visited a site like that they would have installed Flash,” he said. “The likelihood that they ever considered upgrading it is close to zero€”as such attackers know there are a lot of browsers running old and vulnerable versions of Flash and that their browser will automatically load their Flash attacks with no prompt to the user.”

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Eigentum von TechnologyAdvice. © 2026 TechnologyAdvice. Alle Rechte vorbehalten

Werbetreibenden-Offenlegung: Einige der auf dieser Website erscheinenden Produkte stammen von Unternehmen, von denen TechnologyAdvice eine Vergütung erhält. Diese Vergütung kann beeinflussen, wie und wo Produkte auf dieser Website erscheinen, einschließlich beispielsweise der Reihenfolge, in der sie erscheinen. TechnologyAdvice schließt nicht alle Unternehmen oder alle auf dem Marktplatz verfügbaren Produkttypen ein.