Wednesday, September 21, 2011

Adobe Flash Player updated again to plug zero-day attacks

Once again the Adobe Flash Player needs to be updated. As of this writing the MSI installer for the plugin version is NOT available (the ActiveX MSI is), but one hopes it will be available soon. Although the ZDNet story only says "Windows and Mac users", the Adobe Security Bulletin also mentions that Linux, Solaris and Android users are vulnerable and need to update.

Adobe to rush out Flash Player patch to thwart zero-day attacks | ZDNet
[UPDATE: The update is live. Here's a link with more details]

Adobe is planning to rush out a critical Flash Player patch later today (September 21, 2011) to fix security holes that are being used in targeted zero-day attacks.

According to Adobe, the Flash Player update will address critical security issues in the product as well as an important universal cross-site scripting issue that is reportedly being exploited in the wild in targeted attacks.

The company is expected to fix at least 16 documented vulnerabilities, some critical enough to expose Windows and Mac users to code execution attacks via Flash files hosted on Web pages.

Adobe - Security Bulletins: APSB11-26 - Security updates available for Adobe Flash Player
Critical vulnerabilities have been identified in Adobe Flash Player 10.3.183.7 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 10.3.186.6 and earlier versions for Android. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system.

There are reports that one of these vulnerabilities (CVE-2011-2444) is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message. This universal cross-site scripting issue could be used to take actions on a user's behalf on any website or webmail provider if the user visits a malicious website.
...
To verify the version of Adobe Flash Player installed on your system, access the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe (or Macromedia) Flash Player" from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system.
