It looks like Steve Jobs can smirk about making the right decision not to support Flash on any of the iOS devices. A second Zero-Day (really, really bad) flaw has been found that can allow malicious code inside a MS Office Document to take control of your computer by utilizing a hole in Adobe’s Flash Player.
For the second time in the last four weeks, Adobe has told users that hackers are exploiting an unpatched bug in Flash Player, again by embedding malicious code inside a Microsoft Office document.
In a security advisory issued Monday, Adobe said that attackers are exploiting the vulnerability by embedding Flash attack files within a Microsoft Word document sent as an email attachment. (via Infoworld
As always the rule is “don’t open email attachments from people you don’t know and be leery of unsolicited email attachments from people you DO know”.