Tuesday, March 6, 2012

Another Emergency Update for Adobe Flash Player

US-CERT Current Activity

Adobe Releases Update for Adobe Flash Player

added March 5, 2012 at 04:30 pm

Adobe has released a security bulletin for Adobe Flash Player to address multiple vulnerabilities affecting the following software versions:

  • Adobe Flash Player 11.1.102.62 and earlier versions for Windows, Linux, and Solaris operating systems
  • Adobe Flash Player 11.1.115.6 and earlier versions for Android 4.x
  • Adobe Flash Player 11.1.111.6 and earlier versions for Android 3.x and 2.x

Exploitation of these vulnerabilities may allow an attacker to take control of the affected system or cause a denial-of-service condition.

US-CERT encourages users and administrators to review Adobe Security Bulletin APSB12-05 and apply any necessary updates to help mitigate the risks.

Adobe warns of 'critical' Flash Player security holes | ZDNet

A pair of researchers in Google’s security team has found gaping holes in Adobe’s ubiquitous Flash Player software.

According to an advisory from Adobe, Googlers Tavis Ormandy and Fermin J. Serna discovered integer errors and a memory corruption vulnerability that could be used by hackers to take complete control of an affected computer.

The vulnerabilities, rated “critical,” were fixed today for Windows, Macintosh, Linux and Solaris OS users.

Adobe Patches Critical Flash Flaws — Krebs on Security

For the second time in less than a month, Adobe has issued an update to fix dangerous flaws in its Flash Player software. The patch addresses two vulnerabilities rated “critical,” but Adobe says it is not aware of active attacks against either flaw.

The fixes being released today address a pair of critical bugs that are present in Adobe Flash Player 11.1.102.62 and earlier versions for Windows, Mac, Linux and Solaris, Flash Player v 11.1.115.6 and earlier versions for Android 4.x, and Flash Player 11.1.111.6 and earlier versions for Android 3.x and 2.x. Adobe says both flaws in today’s release were reported by Google security researchers.


ISC Diary | Adobe Flash Player Security Update
Adobe today released a bulletin with details regarding two new vulnerabilities in Adobe Flash Player [1]. The vulnerabilities can lead to arbitrary code execution and affect all platforms (don't forget Android and Google Chrome patches!).

There is no indication at this point that the vulnerability has been exploited yet. However, I believe this is an unannounced out-of-cycle release.

Also note that Twitter is littered with links to various "adobe updates" with suspect destinations. Only download Adobe updates using Adobe's own update tools or use the Adobe site itself.

Adobe - Security Bulletins: APSB12-05 - Security update available for Adobe Flash Player

These priority 2 updates address critical vulnerabilities in Adobe Flash Player 11.1.102.62 and earlier versions for Windows, Macintosh, Linux and Solaris, Adobe Flash Player 11.1.115.6 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.6 and earlier versions for Android 3.x and 2.x. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system.

Adobe recommends users of Adobe Flash Player 11.1.102.62 and earlier versions for Windows, Macintosh, Linux and Solaris update to Adobe Flash Player 11.1.102.63. Users of Adobe Flash Player 11.1.115.6 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.7. Users of Adobe Flash Player 11.1.111.6 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.7.
