Hackers Exploit Adobe Flash, Websites Attacked

Hackers exploit Adobe Flash Player.

The unpatched bug, which is in the most up-to-date version of Flash, was reported by researchers at the SANS Institute's Internet Storm Center and by others from Symantec Corp.

"Adobe Flash Player is prone to an unspecified remote code-execution vulnerability," Symantec said.

Symantec says an attacker may exploit this growing issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

The last serious Flash vulnerability fixed by Adobe was patched last month. That bug was used in late March by a hacker to take down a laptop running Windows Vista and claim a $5,000 prize in a contest sponsored by 3Com Inc.'s TippingPoint security company.

According to Symantec, Flash Player 9.0.124.0, the current version, is vulnerable to attack. Flash is used by a huge number of Web sites, including YouTube, to display multimedia content.

Later on Tuesday, Adobe said it is aware of the reports of in-the-wild exploits. "We are working with Symantec to investigate the potential [Flash] vulnerability, and will have an update once we get more information," the company said in a brief entry posted to its security team's blog.