Attackers are exploiting an unpatched bug in Adobe System's popular Flash Player, security researchers warned Tuesday.
The bug, which is in the most up-to-date version of Flash, was reported by researchers at the SAN Institute's Internet Storm Center and by others from Symantec.
"Adobe Flash Player is prone to an unspecified remote code-execution vulnerability," Symantec said in a warning posted to its SecurityFocus site. "An attacker may exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
"Symantec has observed that this issue is being actively exploited in the wild," the company added.
The last serious Flash vulnerability fixed by Adobe was patched last month. That bug was used in late March by a hacker to take down a laptop running Windows Vista and claim a US$5,000 prize in a contest sponsored by 3Com's TippingPoint security company.
According to Symantec, Flash Player 9.0.124.0 -- the version currently available for download from the Adobe site -- is vulnerable to attack. Flash is used by a huge number of Web sites, including YouTube, to display multimedia content.
Adobe officials were not immediately available for comment.
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Data Centre Assessments: The First Step to Optimisation
Look before you leap | Key considerations for moving to 802.11n
5 steps to getting started with data loss prevention
The business justification for data security
Top 10 Ways to Increase IT ROI Without Adding Staff
Secure Remote Access
Providing Business Continuity and Disaster Recovery for Microsoft Cluster Server and Windows Server 08 Failover Clustering Apps
Customer Experience Management: Improving the Consistency and Quality of Customer Interactions
Zones provide focussed content from Computerworld and leading technology partners.
Comments
Post new comment