Flash Player Update Fixes Zero-Day Flaw

Adobe has issued a critical security update for its ubiquitous Flash Player software. The patch plugs at least seven security holes, including one reported by Google that is already being used to trick users into clicking on malicious links delivered via email.

In an advisory released Wednesday afternoon, Adobe warned that one of the flaws — across-site scripting vulnerability (CVE-2012-0767) reported by Google –  was being used in the wild in active, targeted attacks designed to trick users into clicking on a malicious link delivered in an email message. The company said the flaw could be used to take actions on a user’s behalf on any website or webmail provider, if the user visits a malicious website. A spokesperson for the company said this particular attack only works against Internet Explorer on Windows.

Adobe is urging users of Adobe Flash Player 11.1.102.55 and earlier versions for Windows, Macintosh, Linux and Solaris to update to Adobe Flash Player 11.1.102.62. Users of Adobe Flash Player 11.1.112.61 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.6. Users of Adobe Flash Player11.1.111.5 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.6.

To find out what version of Flash you have installed, visit this page. Users can grab the latest version from theAdobe Flash Player Download Center, although if you’re not careful to untick the check box next to whatever “optional” goodies Adobe tries to bundle with Flash Player (the most common is McAfee Security Scan Plus) you could end up with more than you wanted. Thankfully, Adobe no longer appears to make you first install its annoying Download Manager to grab the latest Flash version, or at least it didn’t when I fetched the update today. Chrome users should already have this update, as Chrome auto-installs Flash updates – often hours or days before the fixes are publicly released for download.

Advertisements

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: