Adobe promises emergency patch for Flash, Reader bugs

Adobe Systems plans to release emergency patches for its Flash and Reader applications after learning a critical vulnerability is being exploited to install malware on vulnerable machines. The out-of-cycle patches for Adobe Flash Player 10 and Acrobat and Reader versions 9, 10, and X will arrive during the week March 21, the …


  1. Eddie Johnson

    You Can Fool Some of the People For Years and Years

    You can fool some of the people all of the time and all of the people some of the time but anyone still running Adobe Reader after ~10 years and ~10 major versions of this crap is the fool of all fools. But hey, all you need is another 100M download to solve the problem - or at least delay it for another month.

  2. David 141


    And there is a reason why you'd need flash embedded in Excel?

  3. MrEee

    Funny, but...

    I want Flash on my phone ASAP!

  4. Mark Dowling

    Adobe's sandbox is just dandy

    If it didn't break integration with at least one other vendor's apps who then advise you to disable it...

    1. BristolBachelor Gold badge


      Yes, but it is the integration that causes these problems.

      When everything didn't try to automatically do everything all inside and link to everything else there were few attack vectors. This happened because a Flash object was embedded inside an Excel object, that was embedded in an email...

  5. Anonymous Coward

    A "preponderance" of caution?

    I do not think it means what he thinks it means. Tell him to try "abundance" next time.

  6. Anonymous Coward

    come on

    Please, html5, kill flash soon.

    1. ~mico

      Hell, yeah!

      Naturally, there was NEVER an exploit involving HTML, CSS or Javascript, not to mention JPEG graphics! And of course, most browsers are NOT being updated once a month for this reason.

      Mine is the one with abacus in the pocket. Can't exploit that one, can you? Not a single version update in 100 years, and the only crash bug is when you use it to, ahem, kill insects.

  7. Ilgaz


    So as DEP may prevent some attacks, MS doesn't ship some obvious flaw fixers to their products?

    Isn't the sandbox's purpose pushed a bit too much in this case? What if black hats are in "wait and see" mode and will release a sandbox-beating exploit variant later?

    It is almost like showing off a demo risking millions of users. They don't even have the exploit in hand and I bet they never contacted Kaspersky/F-Secure/Avast etc. to figure out if they got some heuristic hit in their hands. Yes, modern AV apps share heuristic/suspicious behaviour data with the AV company for a reason.

  8. Reg Varney

    Are Adobe ever going to get their collective arses in gear?

    Their bloated exploit-ridden apps need to be totally ripped down and re-written. Chances of that happening... 0.001%

  9. Anton Ivanov

    No 64 build just yet

    The "square" version is still at the same as before. For Linux: Shockwave Flash 10.3 d162

    Bummer... Oh well, It is not like gnumeric or openoffice will try to run a flash embed in the first place... Oh will they? It will be interesting to test a sample.

  10. Robert Carnegie Silver badge

    Surely, Adobe Reader 10 IS Adobe Reader X?

    Is Acrobat still around as a product name - the PDF creator I suppose. Well, anyway.

    Does Microsoft Excel suck too, since it's used in these exploits, or is it not Microsoft's problem?

  11. Anonymous Coward

    Reader X

    HAHA Adobe, I have a customer who had Adobe Reader with sandbox installed and got a booby-trapped PDF last week.

    Now, on uninstall it had the latest Reader X on; I tried to update it before I pulled it and installed Foxit.

    I wasn't onsite when it got installed and alas the user who opened the DHL email wasn't really tech savvy enough to explain exactly what happened.

    But it appears the hacker installed a later version of the fake AV alert that got into the stock exchange at the start of Feb, so it appears they have extended out of ad banners now and are trying spamming as well....


