Adobe Releases Critical Security Update for Flash Player

Wednesday, March 28, 2012

Headlines

69dafe8b58066478aea48f3d0f384820

Adobe has released an update for Flash Player to mitigate multiple vulnerabilities which could allow an attacker to remotely take control of an infected system or cause a denial-of-service.

Adobe classified these vulnerabilities as critical. The affected software versions include the following:

  • Adobe Flash Player 11.1.102.63 and earlier versions for Windows, Macintosh, Linux, and Solaris operating systems
  • Adobe Flash Player 11.1.111.7 and earlier versions for Android 3.x and 2.x
  • Adobe Air 3.1.0.4880 and earlier versions for Windows, Macintosh, and Android

Adobe noted that the Flash Player 11.1.115.7 and earlier versions for Android 4.x are not at risk from these vulnerabilities. The company recommends the following mitigation:

  • Adobe recommends users of Adobe Flash Player 11.1.102.63 and earlier versions for Windows, Macintosh and Linux update to Adobe Flash Player 11.2.202.228 by downloading it from the Adobe Flash Player Download Center. Users of Adobe Flash Player 11.1.102.63 and earlier versions for Solaris should update to Adobe Flash Player 11.2.202.223 by downloading it from the Adobe Flash Player Download Center. Windows users and users of Adobe Flash Player 10.3.183.16 or later for Macintosh can install the update via the update mechanism within the product when prompted.
  • For users who cannot update to Flash Player 11.2.202.228, Adobe has developed a patched version of Flash Player 10.3, Flash Player 10.3.183.18, which can be downloaded here.
  • Users of Adobe Flash Player 11.1.111.7 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.8 by browsing to the Android Marketplace on an Android device.
  • Adobe recommends users of Adobe AIR 3.1.0.4880 and earlier versions for Windows, Macintosh and Android update to Adobe AIR 3.2.0.2070.

More information on the vulnerabilities and recommended mitigation can be found here:

Adobe has also announced that Flash Player 11.2 for Windows is now equipped with an automatic update feature to help users maintain the most current version of the software.

"If you read this September 2011 CSIS report, then you saw that 99.8 percent of malware installs through exploit kits are targeting out-of-date software installations. This point was reiterated recently in volume 11 of the Microsoft Security Intelligent Report. Also, attackers have been taking advantage of users trying to manually search for Flash Player updates by buying ads on search engines pretending to be legitimate Flash Player download sites. Improving the update process is probably the single most important challenge we can tackle for our customers at this time," the Adobe blog noted.

More information on the new updater feature can be found here: 

Possibly Related Articles:
13892
Adobe Software malware Vulnerabilities Attacks Exploits Headlines Update Critical Patch Updates Flash Player
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.