Computerworld – Last month’s hack of RSA Security began with an exploit of a then-unpatched vulnerability in Adobe Flash Player, the company confirmed Friday.
Attackers gained access to the RSA network by sending two small groups of RSA employees emails with attached Excel spreadsheets, according to RSA, which is the security division of EMC. One of those employees opened the attachment, which was titled “2011 Recruitment plan.xls.”
The Excel document reportedly contained an embedded Flash file that then exploited the then unpatched vulnerability.
Adobe has released patches for Adobe Flash Player 10.2.153.1 for Internet Explorer and Adobe Flash Player 10.2.153.1 for Firefox, Safari, and Opera. These updates were applied to PCSentry customers’ test computers on March 28 and production computers on March 30.
