Adobe warns of critical Flash Player flaws

Summary: The flaws affect Adobe Flash Player 10.1.53.64 and earlier versions for Windows, Macintosh, Linux and Solaris.

By Ryan Naraine for Zero Day | August 11, 2010 -- 09:01 GMT (02:01 PDT)

Adobe's ubiquitous Flash Player software is vulnerable to at least six critical security vulnerabilities that could allow hackers to launch remote code execution attacks, the company warned in an advisory.

The flaws affect Adobe Flash Player 10.1.53.64 and earlier versions for Windows, Macintosh, Linux and Solaris.

Adobe AIR 2.0.2.12610 and earlier versions for Windows, Macintosh and Linux are also affected by these vulnerabilities.

Adobe described the flaws a memory corruption issues that could cause the application to crash and could potentially allow an attacker to take control of the affected system. One of the six vulnerabilities could be exploited to launch clickjacking attacks.

[ Clickjacking: Researchers raise alert for scary new cross-browser exploit ]

Adobe recommends users of Adobe Flash Player 10.1.53.64 and earlier versions update to Adobe Flash Player 10.1.82.76. Adobe AIR users should immediately upgrade to version 2.0.3.

The company also issued a security bulletin with information on a security hotfix for ColdFusion.

This security bulletin announces the availability of a hotfix to address an important vulnerability in ColdFusion 9.0.1 and earlier versions for Windows, Macintosh and UNIX. This directory traversal vulnerability could lead to information disclosure.

A third bulletin was issued to warn about for separate vulnerabilities affecting the Adobe Flash Media Server.

This security bulletin announces the availability of an update to address critical vulnerabilities in Adobe Flash Media Server 3.5.3 and earlier versions and Adobe Flash Media Server 3.0.5 and earlier versions for Windows and UNIX. One of the vulnerabilities could allow an attacker, who successfully exploits the vulnerability, to run malicious code on the affected system.

The issues affect Flash Media Server 3.5.3 and earlier versions for Windows and UNIX.

Adobe is also expected to ship an emergency fix for gaping holes in its PDF Reader/Acrobat products this week.

Topics: Software, Enterprise Software, Operating Systems, Security, Windows

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

12 comments

Log in or register to join the discussion

Yup sure would be cool to get this stuff on Apple's iDevices:P

Pagan jim

James Quinn
11 August, 2010 10:13

Reply Vote
- RE: Adobe warns of critical Flash Player flaws
 
 @James Quinn
 
 Nobody is infringing on your choice to NOT have Flash...
 
 Michael Kelly
 11 August, 2010 10:21
 
 Reply Vote
 - Depends on how you look at it....
 
 @Michael Kelly
 If the iDevices were made to be just another computer or computer project and only tech head, geeks and hackers were the iDevice's target customer I'd say fine install what ever, when ever and have at it for that is the nature of the basic customer and those personalities might actually enjoy the issues that come up. However the truth of who purchases these devices is radically different it is people who have little to absolutely NO interest in computers, OS's, and applications. All they want is an appliance. They want fast and simple.. Nor do they have any desire to get into what ever might be slowing them down or causing them problems. If anything were allowed to be installed on these devices you KNOW for certain problems will follow and then what do have? A slow an army of dissatisfied customers who have no idea how to correct the problem or problems they are having nor do they have any interest in learning how to. On the other side we have people like you who have said talents but you are the vast minority and well you have your android stuff either out already or coming out so you have your choice or choices depending on Windows 7 or or Web OS devices as well.
 
 Pagan jim
 
 James Quinn
 11 August, 2010 11:01
 
 Reply Vote
- RE: Adobe warns of critical Flash Player flaws
 
 @James Quinn - true, with incidents like the unjailbroken iPhone's SMS data being ripped off in 20 seconds, and the fact it can be jailbroken to begin with, plus symposiums like PWN2OWN telling the world OS X isn't as secure as it's hyped to be... Case in point: NO PLATFORM IS SECURE. Ultimately it's up to the end users to have some brain cells, regardless of the companies' ability and desire to fix problems. Kudos to Microsoft and Adobe for sure. They remain on top of things or else we wouldn't see as much updates. I'm not sold on Apple's claims just yet...
 
 HypnoToad72
 11 August, 2010 10:27
 
 Reply Vote
 - So you are saying that adding more problems to an
 
 @HypnoToad72
 already imperfect device is wise? Don't think I claimed OSX is perfect nor do the iDevices run on OSX but rather the iOS. Two wrongs don't make a right:)
 
 Pagan jim
 
 James Quinn
 11 August, 2010 10:53
 
 Reply Vote
 - RE: Adobe warns of critical Flash Player flaws
 
 With the way things are heading with Android (already claiming a super phone, open wild wild west philosophy), I am willing to bet this will be the first and probably only platform to incorporate anti-virus and other anti-apps in their phones.
 
 I shutter at the thought of our smart phones becoming like WinPCs with such constant security threats and updates etc.
 
 dave95.
 11 August, 2010 13:12
 
 Reply Vote
- RE: Adobe warns of critical Flash Player flaws
 
 @James Quinn
 
 It's so wonderful to be an Apple user, you never have to make your own decisions, Steve Jobs makes all the decisions for you
 
 And....that is supposed to be some kind of a benefit?
 
 I can see a marketing opportunity here
 
 Some people aren't capable of thinking for themselves.....for everyone else, there's Windows
 
 Doctor Demento
 11 August, 2010 22:42
 
 Reply Vote
 - Let me reverse that...
 
 @Doctor Demento Some people are very capable of thinking for themselves (or differently), which is why they choose Macs. For everyone else that knows no better, there's Windows. I've always argued that WinPC users have lost the whole concept of what a PC is supposed to be (A tool). Which tool would you rather buy, one that requires more maintenance and security risks (PC) or less (Macs).
 
 dave95.
 11 August, 2010 23:50
 
 Reply Vote
looks like Adobe needs to improve

the new updater arrangements for Flash Player, which are required to get these important 10.1.82.76 fixes. - on Firefox and Opera, the new downloader has to be accepted, and then appears to complete -- with no clear message that it has, just an alert on which you can hit cancel or close. Yet if you do, the update won't be installed. You instead need to leave the alert alone, and close Firefox itself, then restart it. Highly error-prone, and the only way to be sure is to use the www.adobe.com/software/flash/about to see that you have the new version numbers. I suspect many people will not actually get the critical update until this is made more robust and clear. Dangerous. - on Google Chrome development channel versions (5.xx), you don't even get a chance to install the critical update. You get a message that Chrome takes care of itself now, by updating Chrome whenever Adobe updates Flash. Except Chrome wasn't updated yesterday. A workaround I used was to disable the Shockwave Flash plugin in Chrome plugins. Then the Adobe updater page would install the new current version. I still have the disabled copy of the old version however - maybe that will go away when Chrome 5.0.375.125 updates itself. How it seemed from here, anyway. [well, Chrome updated itself, on the Develop/Beta channel. To _6_.0.472.33! Very interesting, and it is properly several steps behind the Chromium alpha I also run. This version does have the new Adobe Flash, and not as a plugin at all - all plugin versions are gone. It also has new UI as Chromium has been developing. Ah, these summer months ;)]

Narr vi
11 August, 2010 10:21

Reply Vote
- RE: Adobe warns of critical Flash Player flaws
 
 Well, this is your basic nightmare.
 
 After all the care to install the patched version, Secunia noted the old version still present. In the same directory as the new one.
 
 So, I ran the latest Flash uninstaller. The bad item is still there! Trying to drop it in the trashbin, am informed that desktop Gadget(s) are using it. The OLD version.
 
 Kill all gadgets. Run Flash uninstaller. Still not gone.
 
 Reboot. Run Flash uninstaller. Now it is gone. So is the Flash 'auto-update-installed' by Google Chrome.
 
 Reinstall for IE8 and for other browsers, using the Adobe installers, carefully unchecking installation of unasked toolbars. Now Secunia and adobe checker agree I have the new versions.
 
 What are the odds of a casual user actually getting their Flash installation updated to (only) the new safe version?
 
 And of their Windows _accessories_ running that safe version? This was Windows 7.
 
 Narr vi
 12 August, 2010 12:36
 
 Reply Vote
RE: Adobe warns of critical Flash Player flaws

Don't run flash on my servers, don't have anything on my client worth taking...and Hijackers can't rob an empty house. That said, wouldn't need flash if more sites would stop using it. I can understand games, but there are about a thousand other ways to stream a movie or show.

Socratesfoot
11 August, 2010 12:34

Reply Vote
RE: Adobe warns of critical Flash Player flaws

Thank god, Windows 7 comes w/o flash :)

shellcodes_coder
12 August, 2010 00:41

Reply 1 Vote