Adobe Issues Patch for Flash Zero Day Vulnerability

Thursday, September 22, 2011


Adobe has issued a fix for a recently identified zero day vulnerability that may cause a system to fail or allow unauthorized remote access and control of a targeted system.

"Critical vulnerabilities have been identified in Adobe Flash Player 10.3.183.7 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 10.3.186.6 and earlier versions for Android.  These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system."

Adobe classifies this patch release as being critical, and users of the Adobe Flash player are encouraged to check their current version of the application software by performing a right-click while viewing content in Flash and selecting "About Adobe (or Macromedia) Flash Player" from the menu.

Adobe also warned that the vulnerability is already being exploited by way of email spam containing malicious links that can lead to a cross-site scripting (XSS) attack against a targeted system.

"There are reports that one of these vulnerabilities (CVE-2011-2444) is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message. This universal cross-site scripting issue could be used to take actions on a user's behalf on any website or webmail provider if the user visits a malicious website."

Affected versions include:

  • Adobe Flash Player 10.3.183.7 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems
  • Adobe Flash Player 10.3.186.6 and earlier versions for Android

For mitigation of the zero day vulnerability, users of the media player should immediately update their software by doing the following:

"Adobe recommends all users of Adobe Flash Player 10.3.183.7 and earlier versions for Windows, Macintosh, Linux and Solaris upgrade to the newest version 10.3.183.10 by downloading it from the Adobe Flash Player Download Center. Windows users and users of Adobe Flash Player 10.3.183.7 or later for Macintosh can install the update via the auto-update mechanism within the product when prompted. Users of Adobe Flash Player for Android 10.3.186.6 and earlier versions should update to Adobe Flash Player for Android 10.3.186.7 by browsing to the Android Marketplace on an Android phone."
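For administrators checking many machines rather than one, the version ranges quoted above can be applied to a software inventory. The following is an added example, not code from Adobe or from the original article; the host names, the inventory layout, the platform grouping and the "unlisted" category for builds that fall between the last affected and the fixed version are assumptions of the example.

```python
import re

# Thresholds are the versions quoted from the bulletin in this article.
# The "desktop"/"android" grouping is this example's own naming.
BULLETIN = {
    "desktop": {"last_affected": (10, 3, 183, 7), "fixed": (10, 3, 183, 10)},
    "android": {"last_affected": (10, 3, 186, 6), "fixed": (10, 3, 186, 7)},
}
DESKTOP_OSES = {"windows", "macintosh", "linux", "solaris"}
VERSION_RE = re.compile(r"(\d+)[.,](\d+)[.,](\d+)[.,](\d+)", re.ASCII)


def parse_version(text):
    """Return a 4-tuple of ints from '10.3.183.7' or '10,3,183,7', else None."""
    match = VERSION_RE.fullmatch(text.strip())
    return tuple(int(part) for part in match.groups()) if match else None


def classify(os_name, version_text):
    """Classify one install as 'affected', 'fixed', 'unlisted' or 'unparsed'."""
    os_key = os_name.strip().lower()
    family = "android" if os_key == "android" else (
        "desktop" if os_key in DESKTOP_OSES else None)
    version = parse_version(version_text)
    if family is None or version is None:
        return "unparsed"          # unknown platform or unreadable version
    limits = BULLETIN[family]
    if version <= limits["last_affected"]:
        return "affected"
    if version >= limits["fixed"]:
        return "fixed"             # assumption: later builds carry the fix
    return "unlisted"              # between the two builds; needs manual review


def audit(inventory):
    """Map each (host, os, version) row to its classification."""
    return {host: classify(os_name, ver) for host, os_name, ver in inventory}


# Constructed sample inventory; these are not real hosts.
SAMPLE = [
    ("ws-014", "Windows", "10,3,183,7"),
    ("ws-022", "Macintosh", "10.3.183.10"),
    ("ws-031", "Windows", "10.3.183.9"),
    ("lnx-03", "Linux", "10.3.181.34"),
    ("phone-7", "Android", "10.3.186.6"),
    ("phone-9", "Android", "10.3.186.7"),
    ("kiosk-2", "Solaris", "not reported"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host:10} {status}")
```

Rows reported as "unlisted" or "unparsed" should be checked by hand rather than assumed safe.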

For more details on this critical patch release, consult the Adobe security bulletin here:

Source:  http://www.adobe.com/support/security/bulletins/apsb11-26.html
