MUST READ: Yahoo lands Tumblr for $1.1 billion: report

Topic: Enterprise Software

Adobe warns of 'critical' Flash Player security holes

Summary: The vulnerabilities, rated "critical," have been fixed for Windows, Macintosh, Linux and Solaris OS users.

Ryan Naraine

By for Zero Day |

A pair of researchers in Google's security team has found gaping holes in Adobe's ubiquitous Flash Player software.

According to an advisory from Adobe, Googlers Tavis Ormandy and Fermin J. Serna discovered integer errors and a memory corruption vulnerability that could be used by hackers to take complete control of an affected computer.

The vulnerabilities, rated "critical," were fixed today for Windows, Macintosh, Linux and Solaris OS users.

From Adobe's alert:

These priority 2 updates address critical vulnerabilities in Adobe Flash Player 11.1.102.62 and earlier versions for Windows, Macintosh, Linux and Solaris, Adobe Flash Player 11.1.115.6 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.6 and earlier versions for Android 3.x and 2.x. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system.

Adobe recommends users of Adobe Flash Player 11.1.102.62 and earlier versions for Windows, Macintosh, Linux and Solaris update to Adobe Flash Player 11.1.102.63. Users of Adobe Flash Player 11.1.115.6 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.7. Users of Adobe Flash Player 11.1.111.6 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.7.

Adobe is urging Flash Player users to apply the update within the next 30 days.

Topics: Enterprise Software, CXO, IT Employment

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

11 comments
Log in or register to join the discussion

  • Another day, another critical Flash Vulnerability

    After Java, Flash is the most insecure software widely available today.

    (For the non-ideologically inclined, you might want to know that security hackers have long since abandoned Windows as a target, and instead gone after 3rd party software like Java and Flash, since the latter have not had the security strengthening that Windows has had over the last 8 years.)
    easson
    Reply Vote

    • Reply thoughts

      Actually flash is the most insecure, video drivers second, Office and PDF apps, then Java and finally Windows. MS has made major strides with Windows and their MSE virus/malware freebe. I hope the new upcoming version 4 of MSE is well thought out with regards to browser add-ons! Windows update should be enhanced to do browser add-on updates to close the door of opportunity to hacker activity! Many folks don't realize what browser add-ons are.
      Skullyvick
      Reply Vote

  • What's New

    They just need to kill Flash and put all of us out of our misery.
    gribittmep
    Reply Vote

  • Agreed - Can we all Just Stop Using It

    Ding Dong Flash is Dead! Enough already.
    jpr75_z
    Reply Vote

    • Got rid of it off my Mac

      And don't miss it.
      gribittmep
      Reply Vote

  • Uninstall this security nightmare

    Uninstall this security nightmare and be happy
    shellcodes_coder
    Reply Vote

  • The security nightmare?

    Security nightmare; you mean Windows right? I uninstalled it a long time ago.
    Freedom9
    Reply Vote

    • And so it begins

      the whole useless Linux vs Windows pissing match brought to you by a Linux drone...

      But okay let's talk security nightmares: The Sony Network which uses Linux based servers, kernel.org the repository of the Linux kernel, and my personal favorite The Linux Foundation which is also on Linux based servers and maintained by the best and brightest Linux users and developers. All 3 were compromised.

      By comparison I have 5 Windows based PCs at home and maintain 10 Windows based PCs and several BB, Android, and iOS based devices at work and NONE of them have had an issue other than my daughter's old laptop which she neglected to keep updated... and was hacked via a 3rd party program - hmmm which is what this article is referring to.

      I'm not saying that Windows does not have security issues - ALL OSes do as they were made by humans who are not perfect. I AM saying that your trolling, FUD, and of topic posts will be rebutted.

      Back to topic.
      athynz
      Reply Vote

  • Flash would die, but web sites keep it alive

    I think Flash could be replaced with HTML5. But as we know a lot of Web sites are failing to move to something else. Part of that could be the fear that many users are still using older browsers that fail to work well with HTML5. Probably a better solution for now is to block Flash content except for what you want to view. Or simply un install and see if you can live without it.
    jscott418-22447200638980614791982928182376
    Reply Vote

  • Adobe Flash , microsoft and others

    One would think that experienced programmers could do their job better,IF they are experienced. it's not the program, Flash is OK. It is the people who program it!
    Even Microsoft programmers cant get their butts together without having holes in their programs.A GOOD tradesman never blames his tools, IT is the Operator who is using these tools of trade.
    maxfrancis05@...
    Reply Vote

  • Flash player security holes

    Are these problems also there in Gnash and/or Lightspark?
    chakr
    Reply Vote
CNET Join | Log In | Privacy | Cookies Close