We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Nine 'critical' Flash flaws patched by Adobe

Vulnerabilities threaten Windows, Mac & linux

Adobe has patched nine critical vulnerabilities in Flash that hackers could use to attack Windows, Mac and Linux machines.

"Multiple input validation errors have been identified in Flash Player 9.0.48.0 and earlier that could lead to the potential execution of arbitrary code," Adobe said. "These vulnerabilities could be accessed through content delivered from a remote location via the user's web browser, email client or other applications that include or reference the Flash Player."

Danish vulnerability tracker Secunia ASP collectively rated the nine bugs as "highly critical", its second-from-the-top threat ranking.

The flaws can be exploited using malicious .swf files, a vector graphics format specific to Flash. Specifically, said Adobe, the vulnerabilities could be used to conduct cross-site scripting attacks, run DNS rebinding attacks that circumvent firewall defences and elevate privileges on servers hosting Flash content.

Google's security team was credited by Adobe with reporting two of the nine vulnerabilities, while a team at Stanford University received a nod for notifying Adobe of another pair of bugs.

"Users are recommended to update to the most current version of Flash Player available for their platform," Adobe said. The update, dubbed Flash Player 9.0.115.0, can be downloaded from the Adobe site. Solaris users, however, must download a beta of the updated Player to protect their machines.

Mac OS X users who refreshed their operating system with the 41-fix Security Update 2007-009, which Apple issued Monday, already have the revised Flash Player in hand, and don't need to take additional action.

According to Adobe, people who must rely on the older Flash Player 7 should download and install the patched version of that edition instead of 9.0.115.0.


IDG UK Sites

Best Christmas 2014 UK tech deals, Boxing Day 2014 UK tech deals & January sales 2015 UK tech...

IDG UK Sites

LED vs Halogen: Why now could be the right time to invest in LED bulbs

IDG UK Sites

Christmas' best ads: See great festive spots studios have created to promote themselves and clients

IDG UK Sites

Ultimate iOS 8 Tips: 35 awesome and advanced tips for using iOS 8 on iPhone and iPad