
Macromedia reports critical hole in Flash player

Company advises users to upgrade now to fix the flaw

Macromedia has warned of what it calls a critical security flaw in the latest version of its Flash animation player and advised users to install a new version, which it has released on the web.

The security flaw affects version 6.0 of the Flash Player freeware, which was released a year ago this month and has been installed on an estimated 75 percent of personal computers worldwide, according to the company.

The vulnerability affects the integrity of the player's "sandbox", which is supposed to act as a cordoned-off area where Flash code retrieved from the web can be run safely, without access to a user's files. The company warns that the flaw could allow a malicious hacker to run native code on a user's computer, outside the sandbox, possibly without the user's knowledge.

No users had reported having been affected by the problem as of Monday evening, a Macromedia representative said. Nevertheless, the company advised users to download a new version of the player — version 6.0.79.0 — from its website immediately.

As well as fixing the sandbox’s vulnerability, the new version serves as a cumulative patch, addressing other security flaws reported since its release, including memory buffer overflows. It also offers other tweaks intended to boost the product’s performance.

The company offered few other details, saying only that the vulnerability was reported to Macromedia "recently" by a third party.

The bulletin, with a link to the download site, is here.

