In association with heise online

16 February 2012, 09:55

Flash Player update plugs exploited hole

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Flash logo Adobe has released updates for Flash Player closing seven holes in the application. Six of the holes can be exploited to allow an attacker to infect a PC using crafted web pages. The seventh is a cross site scripting hole that Adobe says is already being exploited in "active targeted attacks". The attacks, which are only aimed at Internet Explorer on Windows, try to trick the user into clicking on a malicious link. Adobe say the hole "could be used to take actions on a user's behalf on any website or webmail provider, if the user visits a malicious website".

Flash Player version 11.1.102.55 and earlier on Windows, Macintosh, Linux and Solaris, version 11.1.112.61 and earlier for Android 4.x, and version 11.1.111.5 and earlier for Android 3.x and 2.x are all affected. Desktop Flash users should update to 11.1.102.62 by downloading it from Adobe's site. Android 4.x users should update to 11.1.115.6 and Android 3.x and 2.x users should update to version 11.1.111.6 by browsing to the Android Market Place for an update.

Google's Chrome browser, which embeds the Flash Player, has been updated to version 17.0.963.56 on Windows, Mac, Linux and Chrome Frame. The Chrome update also addresses thirteen high, medium and low severity security issues, eight of which paid out from $500 to $1337 in bug bounty rewards. Google Chrome updates should be automatically delivered to Chrome users.

See also:

(djwm)

Print Version | Send by email | Permalink: http://h-online.com/-1435494
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit