[Infowarrior] - Google patches Flash bug before Adobe
Richard Forno
rforno at infowarrior.org
Sun Mar 20 08:02:23 CDT 2011
Google patches Flash bug before Adobe
By Dan Goodin in San Francisco • Get more from this author
Posted in Enterprise Security, 18th March 2011 23:33 GMT
http://www.theregister.co.uk/2011/03/18/google_chrome_update/
Google has already released an update for its Chrome browser that fixes a critical vulnerability in Adobe's Flash Player that's under attack. Users of the animation software on other browsers and operating systems will have to wait until next week for the same patch.
Chrome was able to beat the rest of the pack thanks to ongoing collaboration with Adobe that allows Google advanced access to updated builds of Flash, Adobe spokeswoman Wiebke Lips said. Google is then able to push the update to Chrome users through the browser's automatic update mechanism.
Adobe, by contrast, has to test updates on more than 60 platforms or configurations, a requirement that takes more time to get patched software to the world at large.
The update fixes a critical Flash vulnerability that attackers are using in the wild to install malware on end user machines. The exploits embed a malicious Flash file in a Microsoft Excel document that is emailed to highly targeted individuals, Adobe said. If the document is opened, it compromises some computers.
The unspecified Flash vulnerability affects all versions of Flash, but the exploits target only Flash for Windows. Microsoft said on Thursday that machines running Office 2010 aren't susceptible to attacks because of a security protection known as data execution prevention that's built into the the application suite.
Installing the updated Chrome browser will thwart attacks on older versions of Windows only if it doesn't have a version of Adobe's Flash for Internet Explorer installed and views Flash content only through Chrome's integrated version, Lips said.
Google over the past few months has been pushing the boundaries in promptly patching vulnerabilities identified in Chrome. Last Friday, it issued a new browser version that fixed a vulnerability identified by researchers Vincenzo Iozzo, Ralf Philipp Weinmann and Willem Pinckaers in its underlying Webkit engine identified during the previous day's Pwn2Own hacker competition.
If only the same could be said about Google's Android smartphone OS. ®
More information about the Infowarrior
mailing list