Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Applications
    • Applications
    • Cybersecurity
    • IT Management

    Adobe Updates Flash, Reader, Acrobat to Fix Zero-Day Bug

    By
    Fahmida Y. Rashid
    -
    March 21, 2011
    Share
    Facebook
    Twitter
    Linkedin

      Adobe has fixed and issued a security update to the zero-day vulnerability in its Flash Player. In addition, the company has updated older versions of Acrobat and Reader that could cause user systems to crash.

      A week after announcing the critical vulnerability in Adobe Flash Player, Acrobat and Reader, the company issued out-of-cycle security updates to close the hole on March 21.

      The security update applies to Adobe Flash Player 10.2.152.33 and earlier versions for Microsoft Windows, Apple Macintosh, Linux and Solaris systems. The update also includes the latest version of Adobe AIR 2.6 for Windows, Macintosh and Linux. Adobe patched the vulnerability in the Flash Player for Google Android, which was released on March 18.

      There were reports of the vulnerability already being exploited against Flash, but none against Reader or Acrobat, Adobe had said in the initial advisory, issued March 14. The Flash exploit embedded a malicious Flash file (SWF) in a Microsoft Excel file and was e-mailed to victims as an attachment. Opening the compromised file could cause a system to crash and allow a hacker to remotely take control of the affected system, according to Adobe’s original security warning.

      Security researchers had questioned why this kind of an obscure capability was turned on by default in Excel. Microsoft has said that Office 2010 users are not vulnerable to this exploit because of a security system called data execution prevention that is included in that version of the office productivity suite. The exploit would affect users running older versions of Office on Windows.

      Even though the vulnerability exists in the Mac versions of Adobe software, the current exploit targets only Flash for Windows. However, the exploit could easily be tweaked to work on the Macintosh platform. With this type of potential vulnerability, Adobe decided it is best to patch all platforms at once.

      Adobe had also noted that the sandboxing technology in Reader and Acrobat meant the exploit wouldn’t succeed, had one existed.

      Adobe also rolled out another set of updates for earlier versions of Adobe Reader and Acrobat 10.x and 9.x versions for Windows and Macintosh. The fix for Adobe Reader X for Windows is expected to be included in the next quarterly update, scheduled for June 14, the company said. Including the fix for Reader X would have delayed the fix for the earlier versions even more, according to Adobe.

      Adobe Reader 9.x for Unix, Adobe Reader for Android, Adobe Reader 8.x and Acrobat 8.x are not affected by the vulnerability, Adobe said.

      Separately, Google fixed the security vulnerability for the embedded Flash Player in its Chrome Web browser on March 17, long before Adobe rolled out its updates. Google was able to get the fix in earlier because it has an ongoing collaboration with Adobe that gives it early access to Flash before it is released, according to the Guardian.

      Users running Chrome will have to make sure Flash for other browsers are updated, or uninstall them altogether and use Flash only on Chrome, the article warned.

      Fahmida Y. Rashid
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.

      MOST POPULAR ARTICLES

      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Applications

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Applications

      Kyndryl’s Nicolas Sekkaki on Handling AI and...

      James Maguire - November 9, 2022 0
      I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×