It has been reported that 9 out of 10 Windows computers are vulnerable to a new Flash zero-day vulnerability.
A Danish security research firm has reported that 9 out of 10 Windows users are susceptible to an attack via their currently installed Flash player 9 and 10. Adobe will be releasing a patch for this particular vulnerability but it will not be released until Thursday (07/30/2009).
Flash has always been a highly exploited application where it be the case where hackers use a fake adobe flash installer executable to spread malware or take advantage of a discovered vulnerability within the program. In this case, it is a vulnerability in Flash Player versions 18.104.22.168 and 10.0.22.87 that allows hackers to carry out drive-by attacks hosted on sites that are malicious and legitimate ones that have already been compromised.
In the recent events of hackers attacking via the new Flash vulnerability, security vendors have reported thousands of sites that are launching drive-by attacks against Flash.
Adobe has already acknowledged critical bugs within Flash and among two other applications, Acrobat and Reader. Since then, they are promised to deliver new patches for Flash and by July 30th and then for Acrobat and Reader by July 31st.
What do you do to protect yourself in the meantime?
Users are able to actually disable or delete the flawed component of each application. It was found that the "authplay.dll" file is the culprit in the current discovered zero-day vulnerability. The US-CERT website or, United States Computer Emergency Readiness Team, has posted a Technical Cyber Security Alert TA09-204A that lists links to properly secure your web browser to help avoid this specific attack.
Do you fear that we will see an up rise of vulnerabilities within Adobe Flash?