Critical Flash Player Hole Closed

Monday, May 7, 2012 @ 08:05 AM gHale


Attacks centered on Adobe’s Flash Player are in play just as the company released a security advisory relating to an object confusion vulnerability that could allow an attacker to crash the player or take control of an affected system.

Exploits are hitting the cyber street as part of targeted email-based attacks which trick the user into clicking on a malicious file. While this exploit only targets Flash Player on Internet Explorer on Windows, the vulnerability does exist on Windows, Mac OS X, Linux and Android versions of the player.

RELATED STORIES
Adobe Patches Flash Player, Again
Adobe Patches ColdFusion Flaw
Flash Player Flaws Fixed
Adobe Patches Flash Player, Again

An update to Adobe Flash Player 11.2.202.235 on Windows, Mac OS X and Linux should apply to anyone running version 11.2.202.233 or earlier. For verification on which version of Flash player is on the machine, visit the Flash Player About page. Windows users should be able to also activate the silent update recently introduced to Flash Player.

Google Chrome’s Flash Player has already updated automatically. Android users should, depending on their version of Android, update their players; Android 4.0 users running 11.1.115.7 and earlier should update to 11.1.115.8 and Android 3.0 users running 11.1.111.8 and earlier should update to 11.1.111.9. In either case, users should browse to Google Play and its Flash Player page for the update.



Leave a Reply

You must be logged in to post a comment.