Adobe plugs dangerous Flash Player security holes


Adobe has shipped a critical Flash Player update to fix at least seven documented security vulnerabilities that expose nearly every computer user to dangerous hacker attacks.

The Flash Player 10.0.42.34 update is available for all platforms (Windows, Linux and Mac OS X). A new version of Adobe AIR is also available. Here are the raw details:

From Adobe's advisory:

  • This update resolves a vulnerability in the parsing of JPEG data that could potentially lead to code execution (CVE-2009-3794).
  • This update resolves a data injection vulnerability that could potentially lead to code execution (CVE-2009-3796).
  • This update resolves a memory corruption vulnerability that could potentially lead to code execution (CVE-2009-3797).
  • This update resolves a memory corruption vulnerability that could potentially lead to code execution (CVE-2009-3798).
  • This update resolves an integer overflow vulnerability that could potentially lead to code execution (CVE-2009-3799).
  • This update resolves multiple crash vulnerabilities that could potentially lead to code execution (CVE-2009-3800).
  • This update resolves a Windows-only local file name access vulnerability in the Flash Player ActiveX control that could potentially lead to information disclosure (CVE-2009-3951). This updates the previously patched issue, CVE-2008-4820.

Adobe recommends users of Adobe AIR version 1.5.2 and earlier versions update to Adobe AIR 1.5.3.

To verify the Adobe Flash Player version number installed on your system, access the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe (or Macromedia) Flash Player" from the menu.  If you use multiple browsers, perform the check for each browser you have installed on your system.
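For administrators who collect these version strings across many machines, the per-browser check can be scripted. The sketch below is an added example, not part of Adobe's advisory or the original article; it assumes any Flash Player version below 10.0.42.34 or AIR version below 1.5.3 needs the update, that version strings appear in dotted or comma-separated form (for example "WIN 10,0,32,18"), and the host names and inventory rows are constructed.

```python
import re

# Fixed versions named in the article.
FIXED = {
    "flash": (10, 0, 42, 34),
    "air": (1, 5, 3),
}

def parse_version(text):
    """Parse '10.0.32.18', '10,0,32,18' or 'WIN 10,0,32,18' into a tuple of ints."""
    m = re.search(r"\d+(?:[.,]\d+)+", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(part) for part in re.split(r"[.,]", m.group()))

def needs_update(product, version_text):
    """True if the reported version is older than the fixed release."""
    fixed = FIXED[product]
    found = parse_version(version_text)
    # Pad to equal length so (1, 5) compares as (1, 5, 0).
    width = max(len(fixed), len(found))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(found) < pad(fixed)

def audit(inventory):
    """Return sorted (host, browser, product, version) rows that need attention."""
    findings = []
    for host, browser, product, version in inventory:
        try:
            outdated = needs_update(product, version)
        except ValueError:
            outdated = True  # unreadable version: flag for a manual check
        if outdated:
            findings.append((host, browser, product, version))
    return sorted(findings)

# Constructed sample inventory: one row per browser, since each browser
# has to be checked separately.
SAMPLE = [
    ("ws-01", "Internet Explorer", "flash", "WIN 10,0,32,18"),
    ("ws-01", "Firefox", "flash", "10.0.42.34"),
    ("ws-02", "Firefox", "flash", "LNX 9,0,246,0"),
    ("ws-02", "-", "air", "1.5.2"),
    ("ws-03", "Safari", "flash", "MAC 10,1,51,66"),
    ("ws-03", "-", "air", "1.5.3"),
    ("ws-04", "Opera", "flash", "unknown"),
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print("needs update or manual check:", *row)
```
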

Topics: Enterprise Software, Security


Talkback

16 comments
  • flash fix

    Oh boy, another fix til the next hole.
    m_a_simons@...
  • Yay!

    They're really starting to compete with Microsoft for
    holiest product ever.


    Go Adobe!


    Everyone is so cool for making their websites rely on
    flash for absolutely trivial things so that we all must
    fucking install it!
    AzuMao
    • Not happy about it needing it either, but...

      At least the 64 bit Linux plugin was updated too:

      http://labs.adobe.com/downloads/flashplayer10_64bit.html
      Zogg
    • Re: Yay!

      Actually... when you think about it in terms of a patches to product line ratio, it's a bit scary... a comparison could be made of the vulnerabilities in the Media Player plug-in vs. vulnerabilities in Flash.

      Adobe has only recently started to even think about security in their products. The Flash team is years behind everyone in security practices, as well as taking into consideration corporate networks. I'd love to ban any and all Adobe products from our systems, just because they're so network unfriendly (just take a look at our firewall logs... Adobe Flash loves to ignore proxy settings, etc and try to go directly to the Internet, which isn't permitted on any properly set up network).
      s_southern
    • RE: YAY

      Microsoft, yes it has holes but lest we forget. You forgot to mention Mac OS X with its "58 MEGA HOLES" patch!! See link:
      http://blogs.zdnet.com/security/?p=4870&tag=nl.e550
      If you're going to throw stones make sure your house is made of Plexiglas. You sure like to trash M$ but your "god" has its OWN share of "HOLES".
      Disgruntled_MS_User
      • LOL

        Sorry, I hate Macs too.


        But if it's okay to pick on them for holes in
        random third party software, is it okay if I do
        the same for Windows? Like, every time there is a
        vulnerability in Firefox or Flash, blame it on
        Windows? Nice logic!
        AzuMao
  • RE: Adobe plugs dangerous Flash Player security holes

    I hate that so many sites are built using Flash but I'm sure all the hackers love it. IMHO Flash is the worst piece of crap ever imposed on the general public.
    clark.ware@...
    • What about ActiveX?

      Or that doesn't count as forced since it only
      comes pre-installed on Windows computers?
      AzuMao
      • Equal Opportunity Destroyer

        Flash is an equal opportunity destroyer.
        It doesn't care which OS it screws up!

        lehnerus2000
        • Point taken.

          AzuMao
  • Flash single-handedly increased minimum computing requirements

    If you look at older systems, such as Pentium III systems, there is ONLY ONE reason why these systems are not viable desktops today: Adobe Flash

    Adobe has a very arrogant viewpoint, not just about Flash but about all of their products. If you can't run PhotoShop, Adobe's view is that it's because you're not running a Cray-MP on your desk, and has nothing to do with crappy software engineering.

    I would like to see a shift toward Ajax and away from flash.
    jparr
    • Not gonna happen!

      Using Flash for absolutely trivial things like
      rollover effects is the wave of the future!
      AzuMao
      • Agreed (unfortunately)

        nt

        lehnerus2000
  • RE: Adobe plugs dangerous Flash Player security holes

    "If you look at older systems, such as Pentium III systems, there is ONLY ONE reason why these systems are not viable desktops today: Adobe Flash"

    Uh, sorry, but that's ridiculous. Can your Pentium III run Call of Duty 4? Are you saying that developers should limit their hardware requirements to systems built 5 years ago? Look, no one's forcing you to run photoshop or flash or any game written in the last decade, but those of us who can shell out a few bucks for the extra processing power think it's worth it. Oh and btw, flash runs as well on a P3 as anything else does... it runs on Android phones now, so how slow could it possibly be?
    joshstrike
    • With..

      ..lowered settings, sure why not? All it takes is
      one compiler flag to make the executable have code
      paths to fall back to in case of older processors.
      It's not like they wrote the engine in assembly
      and would thus have to do some actual work to
      provide backwards compatibility.


      Here's (http://www.intel.com/software/products/compilers/docs/flin/main_for/copts/common_options/option_ax_lcase.htm) the flag
      for Intel's compiler, if you're interested. Not sure what the MSVC or GCC versions are called.



      Edit: fixed link
      AzuMao