We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Adobe Flash patched after zero-day attacks

For all versions, Windows, Mac, Linux

Adobe has issued an urgent patch for Flash Player after discovering a zero-day cross-site scripting vulnerability that is being exploited by email-borne attacks.

Anyone with Flash Player 10.3.181.16 or earlier for Windows, Mac, or Linux should update to 10.3.181.22 (10.3.181.23 for ActiveX) as soon as possible to address the CVE-2011-2107 vulnerability, rated as "important" rather than critical. The same flaw affects Flash running on Android devices, which the company said it would address in a separate fix this week.

Despite the lower security billing under the Common Vulnerabilities and Exposures (CVE) system, the patch was considered serious enough for Adobe to fix outside its normal monthly cycle, all part of the company's reformed 'beter safe than sorry' attitude to patching in the wake of repeated attacks on its plug-ins during 2008, 2009, and 2010.

Users can check which Flash Player they have installed by visiting Adobe's version-checking website. This should install automatically this week but can also be manually installed from Adobe's site.

Rapid patching is now necessary, almost regardless of the criticality of a bug. Only two weeks ago a report by vulnerability management company Qualys found that browser plug-ins are now the biggest area of vulnerability in many PCs. Forty percent of scanned PCs were found to be running a vulnerable version of Java, double the percentage for Flash, which has improved its score in recent times.

Adobe has in also in recent time retrofitted sanboxes to its Flash Player and Reader software in an effort to minimise what attackers can do using exploits. Researchers have managed to find ways around this technology, however.


IDG UK Sites

LG G4 Note UK release date and specification rumours: Samsung Galaxy Note 5 killer could be the LG 3......

IDG UK Sites

In defence of BlackBerrys

IDG UK Sites

Why we should reserve judgement on Apple ditching Helvetica in OS X/iOS for the Apple Watch's San...

IDG UK Sites

Retina 3.3GHz iMac 27in preview: Apple cuts £400 off Retina iMac with new model