Monday, June 6, 2011

Another Flash Player Patch

On Sunday Adobe released an update to Flash Player to combat a 0-day, that is, a previously unknown exploit that is "in the wild". This may also affect Adobe Reader 9 and 10, so watch this space for updates for those programs in the next few days.

ISC Diary | Adobe releases Flash Player patch on a Sunday to combat latest 0day
http://www.adobe.com/support/security/bulletins/apsb11-13.html
Flash Player Patch Fixes Zero-Day Flaw — Krebs on Security
Adobe released an emergency security update today to fix a vulnerability that the company warned is being actively exploited in targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message.

The vulnerability, a cross-site scripting bug that could be used to take actions on a user’s behalf on any Web site or Webmail provider, exists in Flash Player version 10.3.181.16 and earlier for Windows, Macintosh, Linux and Solaris. Adobe recommends users update to version 10.3.181.22 (on Internet Explorer, the latest, patched version is 10.3.181.23). To find out what version of Flash you have, go here.

Google appears to have already pushed out an update that fixes this flaw in Chrome. Adobe says it will ship an update to fix this flaw on Android sometime this week.
