March 14th, Adobe confirmed that there is an un-patched bug in Adobe Flash Player using Microsoft Excel documents. Hackers are embedding malicious Flash files within Microsoft Excel documents and then sending the document as an attachment on an email. Adobe though, has confirmed that these attacks are not targeting reader or Acrobat users.
The security flaw could cause a crash or allow a hacker to take control of an infected system. It appears that the attack is limited to some organizations rather than a universal threat. The Flash, Reader and Acrobat updates will be released next week. Reader X will be patched on the scheduled update on June 14th. Note: Reader X for Windows contains a sandbox which should go some way to stopping malicious files from writing/spreading to an operating system.
Source: ID Theft Protect
Comments are closed.