
Zero Day

Ryan Naraine and Dancho Danchev

Adobe warns of critical Flash Player flaws

By | August 11, 2010, 9:01am PDT

Summary: The flaws affect Adobe Flash Player 10.1.53.64 and earlier versions for Windows, Macintosh, Linux and Solaris.

Adobe’s ubiquitous Flash Player software is vulnerable to at least six critical security vulnerabilities that could allow hackers to launch remote code execution attacks, the company warned in an advisory.

The flaws affect Adobe Flash Player 10.1.53.64 and earlier versions for Windows, Macintosh, Linux and Solaris.

Adobe AIR 2.0.2.12610 and earlier versions for Windows, Macintosh and Linux are also affected by these vulnerabilities.

Adobe described the flaws as memory corruption issues that could cause the application to crash and could potentially allow an attacker to take control of the affected system. One of the six vulnerabilities could be exploited to launch clickjacking attacks.

[ Clickjacking: Researchers raise alert for scary new cross-browser exploit ]

Adobe recommends users of Adobe Flash Player 10.1.53.64 and earlier versions update to Adobe Flash Player 10.1.82.76.  Adobe AIR users should immediately upgrade to version 2.0.3.
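An inventory check built on the version numbers above, as an added example that is not from Adobe or the article. The function names, hosts and paths are constructed, and treating every build below the fixed release as needing the update is an assumption.

```python
# Fixed releases named in the article; anything below them is flagged.
# Assumption: builds between the last affected and the fixed release need the update too.
FIXED = {"flash player": "10.1.82.76", "air": "2.0.3"}

def parse_version(text):
    """'10.1.53.64' -> (10, 1, 53, 64); raises ValueError on non-numeric parts."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)

def below(version, fixed):
    """Numeric, field-by-field comparison; the shorter version is zero-padded."""
    a, b = parse_version(version), parse_version(fixed)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))

def classify(product, version):
    """Return 'affected', 'patched', or 'unknown' (needs manual review)."""
    fixed = FIXED.get(product.strip().lower())
    if fixed is None:
        return "unknown"
    try:
        return "affected" if below(version, fixed) else "patched"
    except ValueError:
        return "unknown"

def audit(inventory):
    """Map each host to every copy that is affected or unknown."""
    findings = {}
    for host, product, version, path in inventory:
        status = classify(product, version)
        # A patched copy does not clear a host: each installed copy is judged alone.
        if status != "patched":
            findings.setdefault(host, []).append((product, version, path, status))
    return findings

# Constructed sample inventory (hosts, paths and the mix of versions are made up).
SAMPLE = [
    ("ws-01", "Flash Player", "10.1.82.76", "C:/flash/new.ocx"),
    ("ws-01", "Flash Player", "10.1.53.64", "C:/flash/old.ocx"),
    ("ws-02", "Flash Player", "10.1.102.64", "/usr/lib/flash/libflashplayer.so"),
    ("ws-03", "AIR", "2.0.2.12610", "/opt/air"),
    ("ws-04", "AIR", "2.0.3", "/opt/air"),
    ("ws-05", "Flash Player", "10,1,53,64", "C:/flash/f.ocx"),
]

if __name__ == "__main__":
    for host, items in sorted(audit(SAMPLE).items()):
        print(host, items)
```

Comparing the versions as plain strings would rank 10.1.102.64 below 10.1.82.76, which is why each field is compared as a number; the comma-separated entry is reported as unknown rather than guessed at.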

The company also issued a security bulletin with information on a security hotfix for ColdFusion.

This security bulletin announces the availability of a hotfix to address an important vulnerability in ColdFusion 9.0.1 and earlier versions for Windows, Macintosh and UNIX. This directory traversal vulnerability could lead to information disclosure.

A third bulletin was issued to warn about four separate vulnerabilities affecting the Adobe Flash Media Server.

This security bulletin announces the availability of an update to address critical vulnerabilities in Adobe Flash Media Server 3.5.3 and earlier versions and Adobe Flash Media Server 3.0.5 and earlier versions for Windows and UNIX. One of the vulnerabilities could allow an attacker, who successfully exploits the vulnerability, to run malicious code on the affected system.

The issues affect Flash Media Server 3.5.3 and earlier versions for Windows and UNIX.

Adobe is also expected to ship an emergency fix for gaping holes in its PDF Reader/Acrobat products this week.


Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues.

Disclosure

Ryan Naraine

The most important disclosure is of my employment with Kaspersky Lab as a security evangelist. Kaspersky Lab is a global company specializing in anti-malware and secure content management technologies. I do not own stocks or other investments in any technology company.

Biography

Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content management technologies.

Prior to joining Kaspersky Lab, Ryan was Editor-at-Large/Security at eWEEK, leading the magazine's and Web site's coverage of Internet and computer security issues and managing the popular SecurityWatch blog, covering the daily threats, vulnerabilities and IT security technologies. He also covered IT security, hacker attacks and secure content management topics for Jupiter Media's internetnetnews.com.

Ryan can be reached at naraine SHIFT 2 gmail.com. For daily updates on Ryan's activities, follow him on Twitter.

Talkback Most Recent of 12 Talkback(s)

  • James Quinn
    11th Aug 2010
  • RE: Adobe warns of critical Flash Player flaws
    @James Quinn

    Nobody is infringing on your choice to NOT have Flash...
    Michael Kelly
    11th Aug 2010
  • Depends on how you look at it....
    @Michael Kelly
    If the iDevices were made to be just another computer or computer project and only tech heads, geeks and hackers were the iDevice's target customer I'd say fine install whatever, whenever and have at it for that is the nature of the basic customer and those personalities might actually enjoy the issues that come up. However the truth of who purchases these devices is radically different it is people who have little to absolutely NO interest in computers, OS's, and applications. All they want is an appliance. They want fast and simple. Nor do they have any desire to get into whatever might be slowing them down or causing them problems. If anything were allowed to be installed on these devices you KNOW for certain problems will follow and then what do you have? A slow an army of dissatisfied customers who have no idea how to correct the problem or problems they are having nor do they have any interest in learning how to. On the other side we have people like you who have said talents but you are the vast minority and well you have your android stuff either out already or coming out so you have your choice or choices depending on Windows 7 or Web OS devices as well.

    Pagan jim
    James Quinn
    11th Aug 2010
  • RE: Adobe warns of critical Flash Player flaws
    @James Quinn - true, with incidents like the unjailbroken iPhone's SMS data being ripped off in 20 seconds, and the fact it can be jailbroken to begin with, plus symposiums like PWN2OWN telling the world OS X isn't as secure as it's hyped to be...

    Case in point: NO PLATFORM IS SECURE. Ultimately it's up to the end users to have some brain cells, regardless of the companies' ability and desire to fix problems. Kudos to Microsoft and Adobe for sure. They remain on top of things or else we wouldn't see as many updates. I'm not sold on Apple's claims just yet...
    HypnoToad72
    11th Aug 2010
  • So you are saying that adding more problems to an
    @HypnoToad72
    already imperfect device is wise? Don't think I claimed OSX is perfect nor do the iDevices run on OSX but rather the iOS. Two wrongs don't make a right:)

    Pagan jim
    James Quinn
    11th Aug 2010
  • RE: Adobe warns of critical Flash Player flaws
    With the way things are heading with Android (already claiming a super phone, open wild wild west philosophy), I am willing to bet this will be the first and probably only platform to incorporate anti-virus and other anti-apps in their phones.

    I shudder at the thought of our smart phones becoming like WinPCs with such constant security threats and updates etc.
    dave95.
    11th Aug 2010
  • RE: Adobe warns of critical Flash Player flaws
    @James Quinn

    It's so wonderful to be an Apple user, you never have to make your own decisions, Steve Jobs makes all the decisions for you

    And....that is supposed to be some kind of a benefit?

    I can see a marketing opportunity here

    Some people aren't capable of thinking for themselves.....for everyone else, there's Windows
    Doctor Demento
    11th Aug 2010
  • Let me reverse that...
    @Doctor Demento

    Some people are very capable of thinking for themselves (or differently), which is why they choose Macs. For everyone else that knows no better, there's Windows.

    I've always argued that WinPC users have lost the whole concept of what a PC is supposed to be (A tool). Which tool would you rather buy, one that requires more maintenance and security risks (PC) or less (Macs).
    dave95.
    11th Aug 2010
  • looks like Adobe needs to improve
    the new updater arrangements for Flash Player, which are required to get these important 10.1.82.76 fixes.

    - on Firefox and Opera, the new downloader has to be accepted, and then appears to complete -- with no clear message that it has, just an alert on which you can hit cancel or close. Yet if you do, the update won't be installed. You instead need to leave the alert alone, and close Firefox itself, then restart it. Highly error-prone, and the only way to be sure is to use the www.adobe.com/software/flash/about to see that you have the new version numbers. I suspect many people will not actually get the critical update until this is made more robust and clear. Dangerous.

    - on Google Chrome development channel versions (5.xx), you don't even get a chance to install the critical update. You get a message that Chrome takes care of itself now, by updating Chrome whenever Adobe updates Flash. Except Chrome wasn't updated yesterday. A workaround I used was to disable the Shockwave Flash plugin in Chrome plugins. Then the Adobe updater page would install the new current version. I still have the disabled copy of the old version however - maybe that will go away when Chrome 5.0.375.125 updates itself.

    How it seemed from here, anyway.

    [well, Chrome updated itself, on the Develop/Beta channel. To _6_.0.472.33! Very interesting, and it is properly several steps behind the Chromium alpha I also run. This version does have the new Adobe Flash, and not as a plugin at all - all plugin versions are gone. It also has new UI as Chromium has been developing. Ah, these summer months ;)]
    Narr vi
    11th Aug 2010
  • RE: Adobe warns of critical Flash Player flaws
    Well, this is your basic nightmare.

    After all the care to install the patched version, Secunia noted the old version still present. In the same directory as the new one.

    So, I ran the latest Flash uninstaller. The bad item is still there! Trying to drop it in the trashbin, am informed that desktop Gadget(s) are using it. The OLD version.

    Kill all gadgets. Run Flash uninstaller. Still not gone.

    Reboot. Run Flash uninstaller. Now it is gone. So is the Flash 'auto-update-installed' by Google Chrome.

    Reinstall for IE8 and for other browsers, using the Adobe installers, carefully unchecking installation of unasked toolbars. Now Secunia and adobe checker agree I have the new versions.

    What are the odds of a casual user actually getting their Flash installation updated to (only) the new safe version?

    And of their Windows _accessories_ running that safe version? This was Windows 7.
    Narr vi
    12th Aug 2010
  • RE: Adobe warns of critical Flash Player flaws
    Don't run flash on my servers, don't have anything on my client worth taking...and Hijackers can't rob an empty house. That said, wouldn't need flash if more sites would stop using it. I can understand games, but there are about a thousand other ways to stream a movie or show.
    Socratesfoot
    11th Aug 2010
  • RE: Adobe warns of critical Flash Player flaws
    Thank god, Windows 7 comes w/o flash happy
    shellcodes_coder
    12th Aug 2010
