Adobe warns of Flash vulnerability, Mozilla promotes HTML5

By on March 15, 2011, 6:37 PM
Adobe has warned of a critical vulnerability in Adobe Flash Player that affects a vast majority of users. The flaw (CVE-2011-0609) has been exploited in the wild and allows an attacker to gain control of a machine by embedding a malicious Flash SWF file in a Microsoft Excel XLS file. Adobe reports that the XLS file is being distributed via email, so you should be fine as long as you don't open any suspicious documents.

Affected software includes Flash Player 10.2.152.33 (10.2.154.18 for Chrome) and earlier on Windows, Mac, Linux and Solaris. Flash 101.106.16 and earlier versions for Android are also affected, as is the authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.1) and earlier for Windows and Mac. According to a blog post by Kaspersky Lab's Roel Schouwenberg, the exploit doesn't seem to work on Windows 7.


Adobe plans to remedy the situation by releasing a patch next Monday. That update will fix all of the above-mentioned software, except Adobe Reader X. The program has a "protected mode" that would prevent an exploit of this nature from working, so there's no immediate threat to users. Adobe Reader X will be fixed during the next quarterly security update for Adobe Reader, which is currently scheduled for June 14, 2011.

News of the latest Flash vulnerability comes as the software faces ongoing criticism. Speaking to Fast Company, Mozilla exec Jay Sullivan promoted the use of HTML5 and referred to Flash as a "plug-in prison." Sullivan said Flash crashes Firefox more than any other plug-in, noting that the browser's crash protection feature was designed with Flash in mind. "HTML5 is the longer-term answer," Sullivan says. "We're on that path now."




User Comments: 7

Got something to say? Post a comment
Kibaruk Kibaruk, TechSpot Paladin, said:

Well if it doesnt work on 7 I just felt a bit safer =)

Lokalaskurar Lokalaskurar said:

Of course HTML5 is the future, but if major websites like YouTube, Facebook and Google doesn't start to take advantage of what the new DocType has to offer, then Flash will rule supreme and crash browsers like never before still.

And not to mention W3C's disapproval of launching the HTML5-standard...

As for the bug, some hacker will probably take advantage of Adobe's "We think a critical security-update is too much too soon"-mentality and swipe some info while they (flash-users) are unguarded.

No offense, Adobe.

gwailo247, TechSpot Chancellor, said:

Wonder how they sell people on opening the Excel file?

See Bernie Madoff's REAL books.

Take a look at what Goldman Sachs DIDN'T want you to see.

Why Wikileaks needs 32 million a year to keep going!

Open attached file and find out!

IAMTHESTIG said:

Damn it Adobe... ok... rant time. This is a bit unrelated, but I gotta sound off here.

Why keep releasing updates to your Flash player so often that (as far as I can tell) are not backwards compatible? An update comes out, several websites update their sites to the new version, then we have to download a new client because it won't play the video. Really annoying!!!

Don't get me wrong, i'm glad you helped pushed Flash to kill QuickTime and Real.... both of which had horrible players and not that impressive codecs... but this constant updating and having to upgrade is getting annoying. You gotta find some way to smooth this process out.

Cota Cota said:

gwailo247 said:

Wonder how they sell people on opening the Excel file?

See Bernie Madoff's REAL books.

Take a look at what Goldman Sachs DIDN'T want you to see.

Why Wikileaks needs 32 million a year to keep going!

Open attached file and find out!

And dont foget the use of "Super" "Ultimate" "Cool" and lets not forget Pron.xls :P wich its like the 99.9% source or work for us technicians that fix users PC's from spoof propaganda and malware; and the reason i use my own apps whit audio/video icons

Guest said:

HTML5? That made me laugh.

We can't even decide whether to use H264 or VP8! Plugin prison? Is HTML5 so different? It looks like, at the moment, we're going to end up with two formats. Either all browsers will be able to play both via plugins, or each video will be needed to be encoded in both formats.

Go HTML5! Really.

treetops treetops said:

Adobe and java always seem to have holes for hackers.

Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.