THERE'S A GREAT BIG SECURITY HOLE in Adobe's Flash Player on desktop and mobile systems, and hackers are already taking advantage of it.
In a warning posted on its website, Adobe said that there's a vulnerability in multiple versions of Flash Player, including the latest 10.2 version released in February. It affects Windows, Mac, Linux and Solaris operating systems.
Smartphone owners need to watch out as well, as the flaw also affects Flash Player on Android 2.2 and later.
Adobe said that the vulnerability is being exploited by hackers, who are using a targeted attack via a Flash .swf file embedded in an Excel .xls file, which is delivered as an email attachment. Adobe informed The INQUIRER that it hasn't seen Android attacks as yet.
There is also a flaw in the authplay.dll component shipping with Adobe Reader and Acrobat for Windows and Mac, but so far there are no reports of attacks against that. Adobe is in the process of creating a fix for the Flash issue, and will hopefully hurry it out as fast as it can.
Hackers attacking security vulnerabilities in Adobe Flash is not a new phenomenon. But ever since Flash Player became available on Android with the 2.2 Froyo release last year, smartphone users have become viable targets.
This is a worrying trend, but is always likely to happen due to the freedom that the Android operating system offers. With malware also affecting apps in the Android market, it might be that 2011 could become the year that Google with its mobile OS comes to truly understand the problems that Microsoft has had with securing its dominant Windows PC operating system. µ
Watch this space
Hackers could erect man-in-the-middle attacks
Painted into a corner
What we'd call copying, Cupertino calls 'inspiration'