Flash Player Updates Plug Holes

Monday, February 20, 2012 @ 07:02 PM gHale


Adobe closed seven holes in Flash Player; six allow an attacker to infect a PC using crafted web pages and the seventh is a cross site scripting currently suffering from “active targeted attacks”.

The attacks, aimed only at Internet Explorer on Windows, try to trick the user into clicking on a malicious link. Adobe said the hole “could be used to take actions on a user’s behalf on any website or webmail provider, if the user visits a malicious website.”

RELATED STORIES
Flash in Sandbox for Firefox
Trojan Targets Contractors
Apple Security Fix for OS X
Struggle to Secure Mobile Devices

Flash Player version 11.1.102.55 and earlier on Windows, Macintosh, Linux and Solaris, version 11.1.112.61 and earlier for Android 4.x, and version 11.1.111.5 and earlier for Android 3.x and 2.x all suffer from the issue.

Desktop Flash users should update to 11.1.102.55 by downloading it from Adobe’s site. Android 4.x users should update to 11.1.115.6 and Android 3.x and 2.x users should update to version 11.1.111.6 by browsing to the Android Market Place for an update.

Google’s Chrome browser, which embeds the Flash Player, updated to version 17.0.963.56 on Windows, Mac, Linux and Chrome Frame.

The Chrome update also addresses thirteen high, medium and low severity security issues, eight of which paid out from $500 to $1337 in bug bounty rewards. Google Chrome updates should automatically deliver to Chrome users.



Leave a Reply

You must be logged in to post a comment.