Adobe warns of 'critical' Flash Player security holes

Adobe warns of 'critical' Flash Player security holes

Summary: The vulnerabilities, rated "critical," have been fixed for Windows, Macintosh, Linux and Solaris OS users.


A pair of researchers in Google's security team has found gaping holes in Adobe's ubiquitous Flash Player software.

According to an advisory from Adobe, Googlers Tavis Ormandy and Fermin J. Serna discovered integer errors and a memory corruption vulnerability that could be used by hackers to take complete control of an affected computer.

The vulnerabilities, rated "critical," were fixed today for Windows, Macintosh, Linux and Solaris OS users.

From Adobe's alert:

These priority 2 updates address critical vulnerabilities in Adobe Flash Player and earlier versions for Windows, Macintosh, Linux and Solaris, Adobe Flash Player and earlier versions for Android 4.x, and Adobe Flash Player and earlier versions for Android 3.x and 2.x. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system.

Adobe recommends users of Adobe Flash Player and earlier versions for Windows, Macintosh, Linux and Solaris update to Adobe Flash Player Users of Adobe Flash Player and earlier versions on Android 4.x devices should update to Adobe Flash Player Users of Adobe Flash Player and earlier versions for Android 3.x and earlier versions should update to Flash Player

Adobe is urging Flash Player users to apply the update within the next 30 days.

Topics: Enterprise Software, CXO, IT Employment

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Another day, another critical Flash Vulnerability

    After Java, Flash is the most insecure software widely available today.

    (For the non-ideologically inclined, you might want to know that security hackers have long since abandoned Windows as a target, and instead gone after 3rd party software like Java and Flash, since the latter have not had the security strengthening that Windows has had over the last 8 years.)
    • Reply thoughts

      Actually flash is the most insecure, video drivers second, Office and PDF apps, then Java and finally Windows. MS has made major strides with Windows and their MSE virus/malware freebe. I hope the new upcoming version 4 of MSE is well thought out with regards to browser add-ons! Windows update should be enhanced to do browser add-on updates to close the door of opportunity to hacker activity! Many folks don't realize what browser add-ons are.
  • What's New

    They just need to kill Flash and put all of us out of our misery.
  • Agreed - Can we all Just Stop Using It

    Ding Dong Flash is Dead! Enough already.
    • Got rid of it off my Mac

      And don't miss it.
  • Uninstall this security nightmare

    Uninstall this security nightmare and be happy
  • The security nightmare?

    Security nightmare; you mean Windows right? I uninstalled it a long time ago.
    • And so it begins

      the whole useless Linux vs Windows pissing match brought to you by a Linux drone...

      But okay let's talk security nightmares: The Sony Network which uses Linux based servers, the repository of the Linux kernel, and my personal favorite The Linux Foundation which is also on Linux based servers and maintained by the best and brightest Linux users and developers. All 3 were compromised.

      By comparison I have 5 Windows based PCs at home and maintain 10 Windows based PCs and several BB, Android, and iOS based devices at work and NONE of them have had an issue other than my daughter's old laptop which she neglected to keep updated... and was hacked via a 3rd party program - hmmm which is what this article is referring to.

      I'm not saying that Windows does not have security issues - ALL OSes do as they were made by humans who are not perfect. I AM saying that your trolling, FUD, and of topic posts will be rebutted.

      Back to topic.
  • Flash would die, but web sites keep it alive

    I think Flash could be replaced with HTML5. But as we know a lot of Web sites are failing to move to something else. Part of that could be the fear that many users are still using older browsers that fail to work well with HTML5. Probably a better solution for now is to block Flash content except for what you want to view. Or simply un install and see if you can live without it.
  • Adobe Flash , microsoft and others

    One would think that experienced programmers could do their job better,IF they are experienced. it's not the program, Flash is OK. It is the people who program it!
    Even Microsoft programmers cant get their butts together without having holes in their programs.A GOOD tradesman never blames his tools, IT is the Operator who is using these tools of trade.
  • Flash player security holes

    Are these problems also there in Gnash and/or Lightspark?