Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
  HOME     MENU     SEARCH     NEWSLETTER    
CUSTOMER RELATIONSHIP MANAGEMENT NEWS. UPDATED 5 MINUTES AGO.
You are here: Home / Network Security / Adobe Fixes Security Flaws in Flash
Adobe Fixes Serious Security Flaws in Flash
Adobe Fixes Serious Security Flaws in Flash
By Jef Cozza / CRM Daily Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
JANUARY
14
2015
On Tuesday, Adobe released a security update that fixes multiple security flaws in Adobe Flash Player, including vulnerabilities that could allow an attacker to take over a user’s system. The updates apply to versions of Adobe Flash Player for Windows, Microsoft, iOS, Android and Linux, and are available for download at the Adobe Web site.

The update includes patches for a variety of problems, four of which Adobe rated as “critical,” its highest priority ranking. According to Adobe, critical vulnerabilities include those which, if exploited would allow malicious native-code to execute, potentially without a user being aware. Users can go to the Adobe Web site to verify which version of Flash Player they are running and upgrade to the latest version. Users running multiple browsers should perform a check for each one installed on their systems.

The Vulnerabilities Keep Coming

The update comes only a week after hackers took advantage of a Flash vulnerability to attack the AOL Ad Network with a nasty bit of malvertising. The attack affected popular Web sites such as the Huffington Post, GameZone and LA Weekly. Ads hosted on those sites from an AOL ad network redirected visitors to a site that exploited a Flash bug to download a Trojan onto the user’s computer.

According to Adobe, users of the Adobe Flash Player desktop runtime for Windows and Macintosh should update to the latest version. Similarly, users of the Adobe Flash Player Extended Support Release, Adobe Flash Player for Linux, Adobe Flash Player for the Chrome browser and Internet Explorer, Adobe AIR desktop runtime, Adobe AIR SDK, Adobe AIR SDK and Compiler, and Adobe Air for Android should also update to the latest versions of their respective software.

The news of yet another vulnerability in Flash is unlikely to win Adobe any more fans. Flash Player has frequently been derided for its vulnerabilities by members of the IT security sector. Perhaps most famously, Steve Jobs refused to allow Flash to run on iOS devices such as the iPad, citing security concerns.

Critical Vulnerabilities Addressed

The vulnerabilities in Flash Player Desktop Runtime, Flash Player Extended Support Release, Flash Player for Google Chrome and Flash Player for Internet Explorer 11 and 10 are all labeled as critical by Adobe. The vulnerabilities in Flash Player, AID SDK, AIR SDK and Compiler and AIR for Android are considered to be much less serious by Adobe because they involve flaws that historically have not been targets for attackers. Users may install updates to these programs at their discretion, the company said.

The update resolves an improper file validation issue, an information disclosure vulnerability that could be exploited to capture keystrokes, memory corruption issues that could lead to code execution, heap-based buffer overflow issues, out-of-bounds read vulnerabilities that could be exploited to leak memory addresses, and a user-after-free vulnerability that could lead to code execution.

Tell Us What You Think
Comment:

Name:

Sheila Lenton:
Posted: 2015-01-15 @ 9:52am PT
Capturing key strokes - makes me very nervous. I hope I can download the right fix for this problem. When an update comes to me in a pop up I feel hesitant to take it in case it is not authentic.

Like Us on FacebookFollow Us on Twitter
MORE IN NETWORK SECURITY
CRM DAILY
NEWSFACTOR NETWORK SITES
NEWSFACTOR SERVICES
© Copyright 2017 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.