Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Hackers exploit Flash bug in new attacks against Gmail users

Gregg Keizer, Computerworld | June 6, 2011
Adobe today confirmed that the Flash Player bug it patched Sunday is being used to steal login credentials of Google's Gmail users.

Although most Flash vulnerabilities can also be exploited using specially-crafted PDF documents -- Adobe's Reader includes a component named "authplay.dll" that renders Flash content in PDFs -- Adobe said it wasn't sure whether its popular Reader contained the flaw.

"Adobe is still investigating the impact to the Authplay.dll component," the company's advisory stated. "Adobe is not aware of any attacks targeting Adobe Reader or Acrobat in the wild."

While Adobe did not say whether Reader -- and the for-a-fee Acrobat -- will be patched, the programs are slated for an update June 14 to fix other flaws the company has previously acknowledged in authplay.dll.

Users running browsers other than Chrome can download the patched version of Flash Player from Adobe's site.

Flash's update mechanism
Flash's update mechanism -- added to the Mac edition just last month -- should kick in to offer the patched plug-in.

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.