Adobe is pressing Android, PC, Mac and Linux users of its popular Flash Player plug-in to download an update which closes off a recently exploited vulnerability.
According to the software giant, various weaknesses in Flash Player “could cause a crash and potentially allow an attacker to take control of the affected system”. Abode yesterday confirmed one of these flaws is already being taken advantage of by the hacker community.
“There are reports that one of these vulnerabilities (CVE-2011-2444) is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message,” stated Adobe. “This universal cross-site scripting issue could be used to take actions on a user’s behalf on any website or webmail provider if the user visits a malicious website.”
Despite the weakness discovered in Flash, unless you’re working in government, the military or for a mega-bucks corporation, it’s unlikely your handset will be targeted. Speaking at a conference on Tuesday, Adobe product security chief Brad Arkin commented that zero-day attacks on Adobe’s products have in the last 18 months only come from “groups that have enough money to build an aircraft carrier”. The implication here is hacks of this magnitude are state-sponsored.