Adobe Patches 12 Critical Flash Holes

Tuesday, November 15, 2011 @ 01:11 PM gHale


Adobe has closed 12 critical holes in all supported versions of Flash Player up to and including version 11.0.1.152.

The memory corruption vulnerabilities allowed attackers to inject malicious code on computers; visiting a specially crafted web page is all that a user has to do to become a victim. When the victim uses Internet Explorer, attackers can exploit a further hole to bypass the cross-domain policy.

RELATED STORIES
Firefox 8 Patches 8 Bugs
Zeus Now Using Autorun
Old Becomes New: DLL Loading is Back
Weak Sites Victimize Visitors

The recommendation is for all users to update to the latest version 11.1.102.55 of Flash immediately to protect their systems. Users can check which version of Flash they are running in their browser by visiting the Adobe Flash Player page. Flash Player for Android is facing the same issues – the most recent vulnerable version is 11.0.1.153; the update to version 11.1.102.59 can install via the Android Market.

Version 3.0 of the AIR application platform (including Adobe AIR for Android) is also vulnerable. Updating to version 3.1.0.4880 fixes the issues and improves overall performance.

A Stable channel update of Google Chrome to version 15 already includes the current Flash Player release and addresses other vulnerabilities in the WebKit-based web browser.



Leave a Reply

You must be logged in to post a comment.