Adobe plugs 32 security holes in 'critical' Flash Player patch

Adobe plugs 32 security holes in 'critical' Flash Player patch

Summary: The Adobe Flash Player 10.1.53.64 update comes on the heels of last week's in-the-wild attacks against a zero-day hole in Adobe's Reader and Flash Player product.

SHARE:
36

Adobe has shipped a "critical" Flash Player update to fix a total of 32 documented vulnerabilities in the ubiquitous software product.

The Adobe Flash Player 10.1.53.64 update comes on the heels of last week's in-the-wild attacks against a zero-day hole in Adobe's Reader and Flash Player product.  This patch fixes that vulnerability along with 31 other serious security problems.

[ SEE: Adobe warns of Flash, PDF zero-day attacks ]

This Adobe advisory outlines the severity:follow Ryan Naraine on twitter

Critical vulnerabilities have been identified in Adobe Flash Player version 10.0.45.2 and earlier. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system.

The vulnerabilities in this patch batch affects all major operating systems: Adobe Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris; Adobe AIR 1.5.3.9130 and earlier versions for Windows, Macintosh and Linux.

To verify the Adobe Flash Player version number installed on your system, Adobe recommends that users access the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe (or Macromedia) Flash Player" from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system.

Here is a direct link to the Flash Player update.

Topic: Enterprise Software

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

36 comments
Log in or register to join the discussion
  • Seriously THIS is the product that people demand

    access to on the iPad?

    Pagan jim
    James Quinn
    • RE: Adobe plugs 32 security holes in 'critical' Flash Player patch

      @James Quinn

      No, this is the product that people who would never buy an iPad demand access to on the iPad.
      buddhistMonkey
    • Only 32 security holes? This is peanuts compare to safari and ios4

      I mean I remove all flash and java from all my machines so I can understand why you wouldnt want to add any more but no one can possiby believe apple seriously cares about security given their history to this point...
      Johnny Vegas
    • RE: Adobe plugs 32 security holes in 'critical' Flash Player patch

      @James Quinn
      <i>Seriously THIS is the product that people demand access to on the iPad?</i>

      Yes. If number of vulnerabilities is a reason to ban a product from the iPad, <b>Safari</b> would have to go.

      Or did you miss the fact that Safari now ranks among the most vulnerable browsers, right up there with Firefox and Chrome?
      honeymonster
      • Firefox and Chrome? haha.... :D

        @honeymonster The two most secure browsers because they keep them updated. Safari just got it's first major update and all they did was grab the code Chrome rolled back into Webkit Tool Set. Which by the way is built on Linux/Unix KDE's Konqueror Browser KHTML Protocol and Engine. Oh.... and claim to be the most innovative browser for that! lol...

        In case you don't know as I see you don't, Chrome Browser was the only browser NOT hacked at PWN2OWN this year!

        FLASH 10.1 since no one here understands was immune to these same vulnerabilities found in the older version. But do you think ZDNet or any other site will point that out? NO!!!!!

        That's too positive to make any news. If you haven't downloaded 10.1 then you're missing out on lots of new features like Hardware Acceleration. You can fact test this out very easy by enabling and disabling acceleration in the first tab of the new settings panel. By right clicking on a YouTube video and clicking Settings panel. It now has Speed Test, Stop Download, and new Global settings with security setup tab.

        Safari though.... like you say, is by far the browser for security, features, and speed? Ha... half fast only on certain sites!
        i2fun@...
      • Seriously now...

        @i2fun
        Just because Webkit is a fork of KHTML and Konqueror from Linux's KDE doesn't make that automatically secure. Heck... Darwin, on its own is pretty good when it comes to security - but look at the swiss cheese OSX has become because Apple mucked about with it.

        [b]FLASH 10.1 since no one here understands was immune to these same vulnerabilities found in the older version. But do you think ZDNet or any other site will point that out? NO!!!!! [/b]

        Secondly.. Did you bother reading the post this thread is linked to? It would seem to me that the whole point of this post is to inform people that there are 32 vulnerabilities that got patched.
        Wolfie2K3
      • OLD FLASH is Vulnerable! Not the 10.1 Preview! FACT!

        @Wolfie2K3 That's the MAIN problem with this story! They fail to differentiate the that newest FLASH is a whole different beast! ....and it has not been affected whatsoever by any of those vulnerabilities, that are for some versions that are now many years old. Those are accumulated vulnerabilities for OLD versions period!<br><br>Now I know you haven't even done your research and most of all haven't (if you've even bothered to download it or have the hardware to support acceleration) even explored the new "Global Settings" panel that's only accessible via a "Remote Authentication Link" on Adobe's site. You click the panel open there and only there. You can't access it via your own computer, even though the panel accesses your computer's FLASH controls from within your computer for security!<br><br>Quote:<br>"A critical vulnerability has been discovered in Adobe Flash Player 10.0.45.2 and Adobe Reader/Acrobat 9.x. The newest available version of Adobe Flash 10.1, Release Candidate 7 (available at <a href="http://labs.adobe.com/technologies/flashplayer10/" target="_blank" rel="nofollow"><a href="http://labs.adobe.com/technologies/flashplayer10/" target="_blank" rel="nofollow">http://labs.adobe.com/technologies/flashplayer10/</a></a>), <B>does not appear to contain this vulnerability</B>, and we recommend that everyone upgrade their Flash player as soon as possible. Earlier versions of Adobe Reader and Acrobat, specifically version 8.x, do not appear to contain this vulnerability, either."<br><br>There are 8 tabs within this new global settings panel including security settings. The browser right click Menu on a video now has man new feature choices and a 5 tab panel with a enable/disable acceleration control under the first tab!<br><br>LEARN TO USE WHAT ADOBE HAS BEEN WORKING ON TO MAKE FLASH BETTER and MORE SECURE..... then you can criticize it!!! <img border="0" src="http://www.cnet.com/i/mb/emoticons/wink.gif" alt="wink">
        i2fun@...
    • RE: Adobe plugs 32 security holes in 'critical' Flash Player patch

      @James Quinn I was thinking the same thing - why would I want this on my iPhone? Or iPad if I owned one?
      athynz
  • RE: Adobe plugs 32 security holes in 'critical' Flash Player patch

    In line with your column about Microsoft's latest patchs, shouldn't your headline be "Adobe finally plugs 32 security holes..."?
    Vesicant
    • RE: Adobe plugs 32 security holes in 'critical' Flash Player patch

      @Vesicant
      Uh... I think "Adobe plugs 32 security holes in 'Critical' Flash Player patch says exactly that...
      Wolfie2K3
  • RE: Adobe plugs 32 security holes in 'critical' Flash Player patch

    Finally an Adobe eazy update!
    rhonin
    • RE: Adobe plugs 32 security holes in 'critical' Flash Player patch

      @zenwalker I take it you're being sarcastic? God forbid one should want to update this turkey through anything other than IE...
      DarwinStearns
  • Also useful ...

    ... would be a link to the uninstall utility
    http://kb2.adobe.com/cps/141/tn_14157.html
    ... which I take it is still the best way to proceed rather than going through Windows uninstall via Control Panel.
    jacksonjohn
  • Linux 64 bit

    Well as usual if you run 64 bit Linux you're hosed...
    pgit
    • Err Don't you mean Safe!

      @pgit

      There's very little that I miss browsing without Flash. Indeed it is rather good without all those horrible flashing things on the screen.

      If I really must look at You Tube, then I use Windoze.

      Flash is never simple to upgrade. It is even difficult to find out what version is installed, and I hate the download stubs and having to jump through hoops to get the full download, so it can be applied locally to PCs.
      david.hunt@...
  • RE: Adobe plugs 32 security holes in 'critical' Flash Player patch

    The link you supplied is for Internet Explorer only. Do you have a link to download the Firefox version? If I use http://get.adobe.com/flashplayer/ it triggers the Adobe download manager which returns an error message every time I go to update Flash, and they don't even supply an alternate link to download and install it manually. What a joke!
    Tank252ca
    • RE: Adobe plugs 32 security holes in 'critical' Flash Player patch

      @Tank252ca believe me, you NEED to install the IE version first, after that you'll have the so crappy Adobe getplus on Firefox.
      Gradius2
      • RE: Adobe plugs 32 security holes in 'critical' Flash Player patch

        @Gradius2
        If you don't want to deal with the B.S. downloader, you can get the genuine MSI installer for the plugin by merely Googling "install_flash_player_10_plugin.msi". Downloads straight from a macromedia.com server.
        raynebc@...
    • Firefox update is easy...

      @Tank252ca
      Open FF, Click on Tools | Add ons and click on the Plug-Ins tab. Click the Find Updates button at the bottom. It'll open a web page and will give you a list of plug-ins, the version number and which ones have critical updates ready to go... Click the red button for Flash and it'll go grab it and install it.

      Problem solved.
      Wolfie2K3
    • Non-IE Flash Player download link

      @Tank252ca: here's the direct link to download the latest Adobe Flash Player for non-IE (Mozilla/Firefox/Opera/Chrome/Safari) browsers:
      http://fpdownload.adobe.com/get/flashplayer/current/install_flash_player.exe

      why did Ryan Naraine only posted the Flash Player download link for IE browsers and not the other Flash Player for Mozilla browsers? guess he forgot there were two separate Flash player downloads.
      ep-man