Macromedia Flash has critical vulnerability

Macromedia Flash has critical vulnerability

Summary: People using Flash should check to see if they need to upgrade to avoid being compromised

TOPICS: Security

Internet Explorer and Opera users have been urged to upgrade to protect against a newly discovered flaw.

The vulnerability, in Flash Player version and earlier, could allow a hacker to compromise a user's PC.

Macromedia confirmed the existence of the flaw, which it classified as critical, on Friday afternoon. It recommends the users upgrade to version

"There was a problem with bounds validation for indexes of certain arrays in Flash Player 7 and earlier, thus leaving open the possibility that a third party could inject unauthorised code that would have been executed by Flash Player," Macromedia warned.

To see more details on the vulnerability, and download the updated version, click here. Security firm Secunia also classifies the vulnerability as highly critical.

"The Flash Player plug-in is used by more people than [just those using] Internet Explorer," said Thomas Kristensen, Secunia's chief technical officer. According to Secunia, only those who use the IE and Opera Web browsers are vulnerable to the Macromedia flaw, since other browsers, such as Firefox, do not include Flash player in their default set-up.

Kristensen added that he was surprised that Macromedia had issued the patch on Friday afternoon, as many potential victims might have been returning home and not learned about the problem until Monday, or later.

"The bad guys have had a whole weekend to write exploits," Kristensen said.

eEye Digital Security, a research firm, says it told Macromedia about the existence of the flaw on 27 June.

Topic: Security

Tom Espiner

About Tom Espiner

Tom is a technology reporter for He covers the security beat, writing about everything from hacking and cybercrime to threats and mitigation. He also focuses on open source and emerging technologies, all the while trying to cut through greenwash.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to start the discussion