Hackers exploit unpatched Adobe Flash bug
A vulnerability in Adobe's Flash Player may affect as many as 92% of all Windows PC users
Ninety-two percent of all Windows users are vulnerable to a bug in Adobe’s Flash Player that can allow hackers to launch ‘drive-by’ attacks from infected websites, according to a Danish security company.
The critical bug, which affects Adobe’s Flash Player, Acrobat and Reader applications, apparently came to light at the end of last year, although attacks that exploit the vulnerability have only recently been seen ‘in the wild’.
Initial attacks used the bug in Flash to insert a malicious PDF onto a user’s PC. In some cases this has resulted in the user’s system locking up, with malicious code then executed on the computer, although the purpose of this is unknown.
The exploit has been detected on thousands of malicious or compromised websites, according to anti-virus vendors.
Acrobat and Reader are also vulnerable to the exploit, as they include a function to handle Flash content embedded in PDF files.
Adobe has said that it will release patches to solve the problem, with a Flash patch due on 30th July, and fixes for Reader and Acrobat one day later.
In the meantime, Adobe is advising users to delete or disable the vulnerable component in the application. For further instructions see the .
Secunia reported the vulnerable Flash Player 10 on the PCs of 92% of its 900,000 users, with version 9, which is also vulnerable, on 31% of all PCs. Adobe Acrobat 9.1.2 was present on 2% of machines and Adobe Reader 9.1.2 was found on 48%.