Adobe Fixes Security Flaws in Flash

On Tuesday, Adobe released a security update that fixes multiple security flaws in Adobe Flash Player, including vulnerabilities that could allow an attacker to take over a userEUs system. The updates apply to versions of Adobe Flash Player for Windows, Microsoft, iOS, Android and Linux, and are available for download at the Adobe Web site.

The update includes patches for a variety of problems, four of which Adobe rated as EUcritical,EU its highest priority ranking. According to Adobe, critical vulnerabilities include those which, if exploited would allow malicious native-code to execute, potentially without a user being aware. Users can go to the Adobe Web site to verify which version of Flash Player they are running and upgrade to the latest version. Users running multiple browsers should perform a check for each one installed on their systems.

The Vulnerabilities Keep Coming

The update comes only a week after hackers took advantage of a Flash vulnerability to attack the AOL Ad Network with a nasty bit of malvertising. The attack affected popular Web sites such as the Huffington Post, GameZone and LA Weekly. Ads hosted on those sites from an AOL ad network redirected visitors to a site that exploited a Flash bug to download a Trojan onto the userEUs computer.

According to Adobe, users of the Adobe Flash Player desktop runtime for Windows and Macintosh should update to the latest version. Similarly, users of the Adobe Flash Player Extended Support Release, Adobe Flash Player for Linux, Adobe Flash Player for the Chrome browser and Internet Explorer, Adobe AIR desktop runtime, Adobe AIR SDK, Adobe AIR SDK and Compiler, and Adobe Air for Android should also update to the latest versions of their respective software.

The news of yet another vulnerability in Flash is unlikely to win Adobe any more fans. Flash Player...

Comments are closed.