
Zero Day

Ryan Naraine and Dancho Danchev

Adobe plugs 32 security holes in 'critical' Flash Player patch

By | June 10, 2010, 3:10pm PDT

Summary: The Adobe Flash Player 10.1.53.64 update comes on the heels of last week’s in-the-wild attacks against a zero-day hole in Adobe’s Reader and Flash Player products.

Adobe has shipped a “critical” Flash Player update to fix a total of 32 documented vulnerabilities in the ubiquitous software product.

The Adobe Flash Player 10.1.53.64 update comes on the heels of last week’s in-the-wild attacks against a zero-day hole in Adobe’s Reader and Flash Player products. This patch fixes that vulnerability along with 31 other serious security problems.

[ SEE: Adobe warns of Flash, PDF zero-day attacks ]

This Adobe advisory outlines the severity:

Critical vulnerabilities have been identified in Adobe Flash Player version 10.0.45.2 and earlier. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system.

The vulnerabilities in this patch batch affect all major operating systems: Adobe Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris; Adobe AIR 1.5.3.9130 and earlier versions for Windows, Macintosh and Linux.

To verify the Adobe Flash Player version number installed on your system, Adobe recommends that users access the About Flash Player page, or right-click on content running in Flash Player and select “About Adobe (or Macromedia) Flash Player” from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system.
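A scripted form of the version check described above, added here as an example and not taken from Adobe or the article: it compares dotted version numbers numerically against the last affected releases the article names, since a plain string comparison misorders them. The host names, inventory rows and function names are constructed for illustration.

```python
# Added example: flag Flash Player / AIR installs at or below the last
# affected versions named in the article. Inventory rows are constructed.
LAST_AFFECTED = {
    "flash": "10.0.45.2",   # "10.0.45.2 and earlier" per the article
    "air": "1.5.3.9130",    # "1.5.3.9130 and earlier" per the article
}
FIXED_FLASH = "10.1.53.64"  # update version named in the article


def parse_version(text, width=4):
    """Turn '10.0.45.2' (or '10,0,45,2') into a zero-padded tuple of ints."""
    parts = text.strip().replace(",", ".").split(".")
    if len(parts) > width or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted version: {text!r}")
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (width - len(nums)))


def is_affected(product, version):
    """True when version is at or below the last affected release."""
    return parse_version(version) <= parse_version(LAST_AFFECTED[product])


def audit(inventory):
    """Return (host, browser, product, version, status) for every row."""
    findings = []
    for host, browser, product, version in inventory:
        try:
            status = "AFFECTED" if is_affected(product, version) else "ok"
        except (ValueError, KeyError):
            status = "CHECK MANUALLY"  # unknown product or unparseable version
        findings.append((host, browser, product, version, status))
    return findings


# Constructed sample inventory: one row per browser, because each browser's
# plug-in has to be checked separately.
SAMPLE = [
    ("ws-01", "IE", "flash", "10.0.45.2"),
    ("ws-01", "Firefox", "flash", "10.1.53.64"),
    ("ws-02", "Firefox", "flash", "10.0.5.9"),  # sorts above 10.0.45.2 as a string
    ("ws-03", "-", "air", "1.5.3.9130"),
    ("ws-04", "Safari", "flash", "unknown"),
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(*row, sep="\t")
```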

Here is a direct link to the Flash Player update.


Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues.

Disclosure

Ryan Naraine

The most important disclosure is of my employment with Kaspersky Lab as a security evangelist. Kaspersky Lab is a global company specializing in anti-malware and secure content management technologies. I do not own stocks or other investments in any technology company.

Biography

Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content management technologies.

Prior to joining Kaspersky Lab, Ryan was Editor-at-Large/Security at eWEEK, leading the magazine's and Web site's coverage of Internet and computer security issues and managing the popular SecurityWatch blog, covering the daily threats, vulnerabilities and IT security technologies. He also covered IT security, hacker attacks and secure content management topics for Jupiter Media's internetnews.com.

Ryan can be reached at naraine SHIFT 2 gmail.com. For daily updates on Ryan's activities, follow him on Twitter.

Talkback Most Recent of 36 Talkback(s)

  • Seriously THIS is the product that people demand access to on the iPad?

    Pagan jim
    James Quinn
    10th Jun 2010
  • RE: Adobe plugs 32 security holes in 'critical' Flash Player patch
    @James Quinn

    No, this is the product that people who would never buy an iPad demand access to on the iPad.
    buddhistMonkey
    10th Jun 2010
  • Only 32 security holes? This is peanuts compared to safari and ios4
    I mean I remove all flash and java from all my machines so I can understand why you wouldn't want to add any more but no one can possibly believe Apple seriously cares about security given their history to this point...
    Johnny Vegas
    10th Jun 2010
  • RE: Adobe plugs 32 security holes in 'critical' Flash Player patch
    @James Quinn
    Seriously THIS is the product that people demand access to on the iPad?

    Yes. If number of vulnerabilities is a reason to ban a product from the iPad, Safari would have to go.

    Or did you miss the fact that Safari now ranks among the most vulnerable browsers, right up there with Firefox and Chrome?
    honeymonster
    10th Jun 2010
  • Firefox and Chrome? haha....
    @honeymonster The two most secure browsers because they keep them updated. Safari just got its first major update and all they did was grab the code Chrome rolled back into Webkit Tool Set. Which by the way is built on Linux/Unix KDE's Konqueror Browser KHTML Protocol and Engine. Oh.... and claim to be the most innovative browser for that! lol...

    In case you don't know as I see you don't, Chrome Browser was the only browser NOT hacked at PWN2OWN this year!

    FLASH 10.1 since no one here understands was immune to these same vulnerabilities found in the older version. But do you think ZDNet or any other site will point that out? NO!!!!!

    That's too positive to make any news. If you haven't downloaded 10.1 then you're missing out on lots of new features like Hardware Acceleration. You can fact test this out very easily by enabling and disabling acceleration in the first tab of the new settings panel. By right clicking on a YouTube video and clicking Settings panel. It now has Speed Test, Stop Download, and new Global settings with security setup tab.

    Safari though.... like you say, is by far the browser for security, features, and speed? Ha... half fast only on certain sites!
    i2fun@...
    11th Jun 2010
  • Seriously now...
    @i2fun
    Just because Webkit is a fork of KHTML and Konqueror from Linux's KDE doesn't make that automatically secure. Heck... Darwin, on its own is pretty good when it comes to security - but look at the swiss cheese OSX has become because Apple mucked about with it.

    FLASH 10.1 since no one here understands was immune to these same vulnerabilities found in the older version. But do you think ZDNet or any other site will point that out? NO!!!!!

    Secondly.. Did you bother reading the post this thread is linked to? It would seem to me that the whole point of this post is to inform people that there are 32 vulnerabilities that got patched.
    Wolfie2K3
    11th Jun 2010
  • OLD FLASH is Vulnerable! Not the 10.1 Preview! FACT!
    @Wolfie2K3 That's the MAIN problem with this story! They fail to differentiate that the newest FLASH is a whole different beast! ....and it has not been affected whatsoever by any of those vulnerabilities, that are for some versions that are now many years old. Those are accumulated vulnerabilities for OLD versions period!

    Now I know you haven't even done your research and most of all haven't (if you've even bothered to download it or have the hardware to support acceleration) even explored the new "Global Settings" panel that's only accessible via a "Remote Authentication Link" on Adobe's site. You click the panel open there and only there. You can't access it via your own computer, even though the panel accesses your computer's FLASH controls from within your computer for security!

    Quote:
    "A critical vulnerability has been discovered in Adobe Flash Player 10.0.45.2 and Adobe Reader/Acrobat 9.x. The newest available version of Adobe Flash 10.1, Release Candidate 7 (available at http://labs.adobe.com/technologies/flashplayer10/ ), does not appear to contain this vulnerability, and we recommend that everyone upgrade their Flash player as soon as possible. Earlier versions of Adobe Reader and Acrobat, specifically version 8.x, do not appear to contain this vulnerability, either."

    There are 8 tabs within this new global settings panel including security settings. The browser right click Menu on a video now has many new feature choices and a 5 tab panel with an enable/disable acceleration control under the first tab!

    LEARN TO USE WHAT ADOBE HAS BEEN WORKING ON TO MAKE FLASH BETTER and MORE SECURE..... then you can criticize it!!!
    i2fun@...
    15th Jun 2010
  • RE: Adobe plugs 32 security holes in 'critical' Flash Player patch
    @James Quinn I was thinking the same thing - why would I want this on my iPhone? Or iPad if I owned one?
    Pete "athynz" Athens
    11th Jun 2010
  • RE: Adobe plugs 32 security holes in 'critical' Flash Player patch
    In line with your column about Microsoft's latest patches, shouldn't your headline be "Adobe finally plugs 32 security holes..."?
    Vesicant
    10th Jun 2010
  • RE: Adobe plugs 32 security holes in 'critical' Flash Player patch
    @Vesicant
    Uh... I think "Adobe plugs 32 security holes in 'Critical' Flash Player patch" says exactly that...
    Wolfie2K3
    11th Jun 2010
  • RE: Adobe plugs 32 security holes in 'critical' Flash Player patch
    @zenwalker I take it you're being sarcastic? God forbid one should want to update this turkey through anything other than IE...
    DarwinStearns
    11th Jun 2010
  • Also useful ...
    ... would be a link to the uninstall utility
    http://kb2.adobe.com/cps/141/tn_14157.html
    ... which I take it is still the best way to proceed rather than going through Windows uninstall via Control Panel.
    johnfenjackson@...
    11th Jun 2010
  • Linux 64 bit
    Well as usual if you run 64 bit Linux you're hosed...
    pgit
    11th Jun 2010
  • Err Don't you mean Safe!
    @pgit

    There's very little that I miss browsing without Flash. Indeed it is rather good without all those horrible flashing things on the screen.

    If I really must look at You Tube, then I use Windoze.

    Flash is never simple to upgrade. It is even difficult to find out what version is installed, and I hate the download stubs and having to jump through hoops to get the full download, so it can be applied locally to PCs.
    david.hunt@...
    14th Jun 2010
