Adobe has issued a fix for a zero-day critical flaw in Flash Player a week earlier than expected. The browser plug-in has faced an increasing number of attacks in the wild.
The patch was originally planned for the 27th of September but it began rolling out for Windows, Mac and Linux yesterday. However the existing Adobe Reader exploits will have to wait for a patch in the week of October the 4th.
Adobe’s Flash Player is one of the most ubiquitous third party Internet applications in computing today. Many users with versions which aren’t too far out of date will automatically see an Adobe updator when they power on their computers.
Unfortunately the update process for users of browsers other than Internet Explorer is not always as smooth as it should be, occasionally the plug-ins fail to update and need another update install to ensure the system is protected.
Flash vulnerabilities are particularly problematic given the attacks can appear in malicious Flash rolled out via advertising networks so even visiting formerly trusted web sites can provide an unwelcome risk.
As browsers and operating systems become increasingly hardened against security threats, malware creators have ramped up efforts to target third party applications such as Adobe’s Flash and Reader. Particularly since many users are not vigilant about upgrading the software.
Third party PDF viewers such as Foxit or browser plug-ins like Google Chrome’s Docs PDF reader may provide one less threat vector but there’s very little users can do about zero day Flash exploits other than disable Flash entirely.