We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Adobe Flash patched after zero-day attacks

For all versions, Windows, Mac, Linux

Adobe has issued an urgent patch for Flash Player after discovering a zero-day cross-site scripting vulnerability that is being exploited by email-borne attacks.

Anyone with Flash Player or earlier for Windows, Mac, or Linux should update to ( for ActiveX) as soon as possible to address the CVE-2011-2107 vulnerability, rated as "important" rather than critical. The same flaw affects Flash running on Android devices, which the company said it would address in a separate fix this week.

Despite the lower security billing under the Common Vulnerabilities and Exposures (CVE) system, the patch was considered serious enough for Adobe to fix outside its normal monthly cycle, all part of the company's reformed 'beter safe than sorry' attitude to patching in the wake of repeated attacks on its plug-ins during 2008, 2009, and 2010.

Users can check which Flash Player they have installed by visiting Adobe's version-checking website. This should install automatically this week but can also be manually installed from Adobe's site.

Rapid patching is now necessary, almost regardless of the criticality of a bug. Only two weeks ago a report by vulnerability management company Qualys found that browser plug-ins are now the biggest area of vulnerability in many PCs. Forty percent of scanned PCs were found to be running a vulnerable version of Java, double the percentage for Flash, which has improved its score in recent times.

Adobe has in also in recent time retrofitted sanboxes to its Flash Player and Reader software in an effort to minimise what attackers can do using exploits. Researchers have managed to find ways around this technology, however.

IDG UK Sites

Apple promises developers better stability, performance for Swift

IDG UK Sites

5 things we hate about MWC: What it's like to be a journalist at a technology trade show

IDG UK Sites

Interview: Lauren Currie aims to help design students bridge skills gap

IDG UK Sites

12in Retina MacBook Air release date rumours: new MacBook Air to have fingerprint ID, could launch...