Adobe Identifies Microsoft Office Users For Vulnerability, Releases Another Patch
The Adobe team has seen these now-patched vulnerabilities exploited in the wild both in attacks using Flash content on websites and via targeted emails that bait users into opening a poisoned Microsoft Word document attachment.
Uhley made a point of discussing how Adobe is working to improve security by sandboxing Flash Player in the latest editions of the Chrome, Mozilla, and Internet Explorer browsers, and by making it easier for users to get Flash Player updates.
He said that, by far, the most-targeted vector was Microsoft Office attachments in emails. Microsoft Office 2010 has a Protected Mode sandbox that prevents the code from being executed by default. In earlier versions of Office, the new Adobe security update will post a warning before executing the Flash content being opened, although the protection looks like little more than a click-through warning that most people won’t even read.
In any case, it’s good to see that Adobe is trying. Pro tip to help the effort: Don’t open email attachments from untrusted sources.