Adobe warns of critical Flash Player flaws

Adobe warns of critical Flash Player flaws

Summary: The flaws affect Adobe Flash Player 10.1.53.64 and earlier versions for Windows, Macintosh, Linux and Solaris.

SHARE:

Adobe's ubiquitous Flash Player software is vulnerable to at least six critical security vulnerabilities that could allow hackers to launch remote code execution attacks, the company warned in an advisory.

The flaws affect Adobe Flash Player 10.1.53.64 and earlier versions for Windows, Macintosh, Linux and Solaris.

Adobe AIR 2.0.2.12610 and earlier versions for Windows, Macintosh and Linux are also affected by these vulnerabilities.

Adobe described the flaws a memory corruption issues that could cause the application to crash and could potentially allow an attacker to take control of the affected system.   One of the six vulnerabilities could be exploited to launch clickjacking attacks.

Clickjacking: Researchers raise alert for scary new cross-browser exploit ]

Adobe recommends users of Adobe Flash Player 10.1.53.64 and earlier versions update to Adobe Flash Player 10.1.82.76.  Adobe AIR users should immediately upgrade to version 2.0.3.

The company also issued a security bulletin with information on a security hotfix for ColdFusion.

This security bulletin announces the availability of a hotfix to address an important vulnerability in ColdFusion 9.0.1 and earlier versions for Windows, Macintosh and UNIX. This directory traversal vulnerability could lead to information disclosure.

third bulletin was issued to warn about for separate vulnerabilities affecting the Adobe Flash Media Server.

This security bulletin announces the availability of an update to address critical vulnerabilities in Adobe Flash Media Server 3.5.3 and earlier versions and Adobe Flash Media Server 3.0.5 and earlier versions for Windows and UNIX. One of the vulnerabilities could allow an attacker, who successfully exploits the vulnerability, to run malicious code on the affected system.

The issues affect Flash Media Server 3.5.3 and earlier versions for Windows and UNIX.

Adobe is also expected to ship an emergency fix for gaping holes in its PDF Reader/Acrobat products this week.

Topics: Software, Enterprise Software, Operating Systems, Security, Windows

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

12 comments
Log in or register to join the discussion
  • Yup sure would be cool to get this stuff on Apple's iDevices:P

    Pagan jim
    anonymous
    • RE: Adobe warns of critical Flash Player flaws

      @James Quinn

      Nobody is infringing on your choice to NOT have Flash...
      Michael Kelly
      • Depends on how you look at it....

        @Michael Kelly
        If the iDevices were made to be just another computer or computer project and only tech head, geeks and hackers were the iDevice's target customer I'd say fine install what ever, when ever and have at it for that is the nature of the basic customer and those personalities might actually enjoy the issues that come up. However the truth of who purchases these devices is radically different it is people who have little to absolutely NO interest in computers, OS's, and applications. All they want is an appliance. They want fast and simple.. Nor do they have any desire to get into what ever might be slowing them down or causing them problems. If anything were allowed to be installed on these devices you KNOW for certain problems will follow and then what do have? A slow an army of dissatisfied customers who have no idea how to correct the problem or problems they are having nor do they have any interest in learning how to. On the other side we have people like you who have said talents but you are the vast minority and well you have your android stuff either out already or coming out so you have your choice or choices depending on Windows 7 or or Web OS devices as well.

        Pagan jim
        anonymous
    • RE: Adobe warns of critical Flash Player flaws

      @James Quinn - true, with incidents like the unjailbroken iPhone's SMS data being ripped off in 20 seconds, and the fact it can be jailbroken to begin with, plus symposiums like PWN2OWN telling the world OS X isn't as secure as it's hyped to be...<br><br>Case in point: NO PLATFORM IS SECURE. Ultimately it's up to the end users to have some brain cells, regardless of the companies' ability and desire to fix problems. Kudos to Microsoft and Adobe for sure. They remain on top of things or else we wouldn't see as much updates. I'm not sold on Apple's claims just yet...
      HypnoToad72
      • So you are saying that adding more problems to an

        @HypnoToad72
        already imperfect device is wise? Don't think I claimed OSX is perfect nor do the iDevices run on OSX but rather the iOS. Two wrongs don't make a right:)

        Pagan jim
        anonymous
      • RE: Adobe warns of critical Flash Player flaws

        With the way things are heading with Android (already claiming a super phone, open wild wild west philosophy), I am willing to bet this will be the first and probably only platform to incorporate anti-virus and other anti-apps in their phones.

        I shutter at the thought of our smart phones becoming like WinPCs with such constant security threats and updates etc.
        dave95.
    • RE: Adobe warns of critical Flash Player flaws

      @James Quinn

      It's so wonderful to be an Apple user, you never have to make your own decisions, Steve Jobs makes all the decisions for you

      And....that is supposed to be some kind of a benefit?

      I can see a marketing opportunity here

      Some people aren't capable of thinking for themselves.....for everyone else, there's Windows
      Doctor Demento
      • Let me reverse that...

        @Doctor Demento <br><br>Some people are very capable of thinking for themselves (or differently), which is why they choose Macs. For everyone else that knows no better, there's Windows. <br><br>I've always argued that WinPC users have lost the whole concept of what a PC is supposed to be (A tool). Which tool would you rather buy, one that requires more maintenance and security risks (PC) or less (Macs).
        dave95.
  • looks like Adobe needs to improve

    the new updater arrangements for Flash Player, which are required to get these important 10.1.82.76 fixes.<br><br>- on Firefox and Opera, the new downloader has to be accepted, and then appears to complete -- with no clear message that it has, just an alert on which you can hit cancel or close. Yet if you do, the update won't be installed. You instead need to leave the alert alone, and close Firefox itself, then restart it. Highly error-prone, and the only way to be sure is to use the www.adobe.com/software/flash/about to see that you have the new version numbers. I suspect many people will not actually get the critical update until this is made more robust and clear. Dangerous.<br><br>- on Google Chrome development channel versions (5.xx), you don't even get a chance to install the critical update. You get a message that Chrome takes care of itself now, by updating Chrome whenever Adobe updates Flash. Except Chrome wasn't updated yesterday. A workaround I used was to disable the Shockwave Flash plugin in Chrome plugins. Then the Adobe updater page would install the new current version. I still have the disabled copy of the old version however - maybe that will go away when Chrome 5.0.375.125 updates itself.<br><br>How it seemed from here, anyway.<br><br>[well, Chrome updated itself, on the Develop/Beta channel. To _6_.0.472.33! Very interesting, and it is properly several steps behind the Chromium alpha I also run. This version does have the new Adobe Flash, and not as a plugin at all - all plugin versions are gone. It also has new UI as Chromium has been developing. Ah, these summer months ;)]
    Narr vi
    • RE: Adobe warns of critical Flash Player flaws

      Well, this is your basic nightmare.

      After all the care to install the patched version, Secunia noted the old version still present. In the same directory as the new one.

      So, I ran the latest Flash uninstaller. The bad item is still there! Trying to drop it in the trashbin, am informed that desktop Gadget(s) are using it. The OLD version.

      Kill all gadgets. Run Flash uninstaller. Still not gone.

      Reboot. Run Flash uninstaller. Now it is gone. So is the Flash 'auto-update-installed' by Google Chrome.

      Reinstall for IE8 and for other browsers, using the Adobe installers, carefully unchecking installation of unasked toolbars. Now Secunia and adobe checker agree I have the new versions.

      What are the odds of a casual user actually getting their Flash installation updated to (only) the new safe version?

      And of their Windows _accessories_ running that safe version? This was Windows 7.
      Narr vi
  • RE: Adobe warns of critical Flash Player flaws

    Don't run flash on my servers, don't have anything on my client worth taking...and Hijackers can't rob an empty house. That said, wouldn't need flash if more sites would stop using it. I can understand games, but there are about a thousand other ways to stream a movie or show.
    Socratesfoot
  • RE: Adobe warns of critical Flash Player flaws

    Thank god, Windows 7 comes w/o flash :)
    shellcodes_coder