We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Adobe patches five Flash flaws

Malicious SWF file could expose PCs to hackers

Adobe has released a security update that patches five flaws in its Flash multimedia software.

Among the flaws fixed in the patch is a critical bug that cause a PC to be hacked merely by viewing a malicious Shockwave Flash (SWF) file, according to Adobe's advisory.

Flash vulnerabilities are particularly dangerous due to the widespread use of the graphics format across the internet for rich web pages and banner advertisements. Most web browsers have the Flash player plug-in installed, which makes it an attractive target for hackers.

Online advertising networks have struggled to keep malicious Flash advertisements off their networks, as they are often difficult to detect.

Victims of a Flash attack are usually duped via a social engineering trick or by viewing malicious content injected into a trusted site, according to a warning from iDefense, the security branch of VeriSign.

Two of the other Adobe updates address potential problems with 'clickjacking', a difficult but powerful hack that lures a victim into clicking on a certain place on a web page in order to enable an attack.

The other two updates fix a potential denial-of-service condition caused by an input validation problem, and the remaining one fixes an information disclosure problem on Linux systems.

Visit Broadband Advisor for the latest internet news, reviews, tips & tricks - and to take advantage of PC Advisor's unique, independent Broadband Speed Tester

Visit Security Advisor for the latest internet threat news, FREE net threat email newsletters, and internet security products

The most up-to-date Flash player for most users is 10.0.22.87. Other versions are available for users of AIR or Flash CS3 Professional: Adobe has published a chart in its advisory listing the upgrades.

Adobe has a web page that will automatically display what Flash version a computer is using. Flash also has an auto-update system that will prompt a user that it's time to upgrade.

The latest Flash problems come as Adobe is grappling with another serious vulnerability in its Acrobat and Reader products, used for reading PDF files, that affects both Apple and Microsoft Windows users.

The flaw can allow an attacker to take over a computer if someone opens a malicious PDF file. Adobe has said it will issue a patch by March 11, but security experts have cautioned it leaves a wide time window for attacks.

Security vendor Sourcefire has said it has traced PDF attacks going back to January 9. The company has issued an unsupported temporary patch.

See also: Flash Player 10 for smartphones demoed


IDG UK Sites

Best Christmas 2014 UK tech deals, Boxing Day 2014 UK tech deals & January sales 2015 UK tech...

IDG UK Sites

Apple's 2014 highlights: the most significant Apple news of 2014

IDG UK Sites

Watch this heartwarming Christmas short by Trunk for composer John Rutter

IDG UK Sites

Ultimate iOS 8 Tips: 35 awesome and advanced tips for using iOS 8 on iPhone and iPad