UK IT Industry Awards

Where am I? >
Home >
News >
Security > Hacking

Attackers exploit critical Flash bug

By Stuart Sumner

Follow Stuart on Twitter

21 Jun 2011

Be the first to comment

Hackers are using a critical security vulnerability in Flash to attack users despite a recent update from Adobe designed to fix the bug.

Last week, Adobe released a series of security patches for their products, fixing a number of issues that included this vulnerability.

Further reading

Adobe said that the vulnerability, which it referred to by the identifier CVE-2011-2110 in its update, "could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being exploited in the wild in targeted attacks via malicious web pages."

More recently, security company Websense has discovered that this vulnerability is being used in two separate forms of attack.

This includes so-called drive-by attacks, where users need only to visit a site in order to be served malware. The other form is spear-phishing, a targeted phishing attack that attempts to lure an internet user into clicking a malicious link by claiming to come from a legitimate business.

The vulnerability only exists in versions of Flash which have yet to be patched with the latest security update. Websense recommends that all users patch the latest version as soon as possible.

"As always, it's crucial that you install the latest version of Adobe Flash Player as soon as possible if you haven't done so already. The vulnerable versions are any version older than 10.3.181.26," said the company.

Reader comments

Add your comment

Have your say on this article

Your name
Email address
Comment title
Your comment

All fields required. Your email address will not be displayed on the site.

By submitting a comment you agree to abide by our Terms & Conditions

Submit

Newsletters

Sign up for our FREE newsletters

Large companies such as Microsoft, Facebook and Google have been hoovering up technology patents recently. Is this stifling innovation?

Yes! These firms are spending billions on the rights to sue one another, rather than focusing on creating new products.

87 %

No! The knowledge that firms are stringently searching for any IP infringement means that new products must be genuinely innovative, and borrow nothing from previous designs if they are to remain in stores and out of the courtroom.

5 %

It doesn't matter! The only useful thing left to be invented is time travel, so I can go back to a time when I had more hair.

8 %

Influence - Consumerisation

Enterprise use of mobile mashups

Case studies & reports

Cloud computing insights from 110 implementation projects

Case studies from large organisations across all sectors

The lesson of 2012: prepare now for increased data volumes

... And rich media, and flexible working, and peaks in traffic ...

More case studies and reports

Upcoming Events

Gain better control of your data with enterprise database consolidation

Join us for this Computing web seminar, in which the Head of BI at the Co-operative Group Nick Colebourn will be explaining just how he reigned in the Group’s sprawling database estate and how significant savings were realised and data quality improved as a result.

Date: 31 May 2012

Time: 11:00 AM

Top 10 causes of IT disasters – and how to deal with them

Concept image of data backup with life preserving floating on background of binary data

Live June 13th 11:00am: Register now. During this web seminar we will be looking at the sorts of incidents that can bring data centres grinding to a halt and what can be done about them.

Date: 13 Jun 2012

Time: 11:00 am

More events

Job of the week

More IT Jobs

IT job alerts

Receive the latest jobs direct to your inbox

IT job finder

IT salary checker

Are you being paid what you are worth?

Check Salary

© Incisive Media Investments Limited 2012, Published by Incisive Financial Publishing Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, are companies registered in England and Wales with company registration numbers 04252091 & 04252093

Attackers exploit critical Flash bug

The security threat of consumerisation

RSA appoints chief security officer

Government cyber security plans to focus on information assurance

Sign up for our FREE newsletters

Kaspersky Lab backtracks on statement, clarifies relationship with Apple

Nine out of 10 custom-built web applications vulnerable to attack

SOCA website brought down by cyber criminals (UPDATED)

The UK IT Awards 2012

MicroStrategy World 2011 - Monte Carlo

Can we defeat the spammers?

Adobe patches two critical Flash Player vulnerabilities

Adobe vulnerability being used to attack defence industry

Lockheed Martin warns of critical cyber vulnerability

Researchers find spike in malware targeting online payment

Yahoo Messenger exploit threatens new wave of malware

Mid-Senior ISO Developer - Mobile and Devices

Business Intelligence Team Leader / Lead Developer - Derby

Integrateur des Applications Bancaires

Large companies such as Microsoft, Facebook and Google have been hoovering up technology patents recently. Is this stifling innovation?

Flame virus: son of Stuxnet uncovered in Middle East

Google Apps for Business awarded ISO 27001 certification

Retailer slams ICO over 'embarrassing banality' of revised cookie law guidance

Google to fund new UK computer science teachers

SMEs lose out as staff wars intensify

HP: 27,000 job cuts by 2014, Mike Lynch to leave (NEW UPDATE)