Critical Flash Player Update to fix 11 Security Holes

CriticalFlash Player Update to fix11 Security Holes

Adobe has released another batch of security updates for its ubiquitousFlash Playersoftware. This “critical” patch fixes at least 11 vulnerabilities, including one that reports suggest is being exploited in targeted email attacks.

In the advisory that accompanies this update, Adobe said “there are reports of malware attempting to exploit one of the vulnerabilities, CVE-2011-0627, in the wild via a Flash (.swf) file embedded in aMicrosoft Word (.doc) orMicrosoft Excel (.xls) file delivered as an email attachment targeting theWindows platform. However, to date, Adobe has not obtained a sample that successfully completes an attack.”

The vulnerabilities exist in Flash versions 10.2.159.1 and earlier for Windows, Mac,LinuxandSolaris. To learn which version of Flash you have, visit this link. The new version for most platforms is 10.3.181.14;Androidusers should upgrade to Flash Player _10.3.185.21_available by browsing to the Android Marketplace on an Android phone;Googleappears to have updatedChrome users automatically with this version of Flash back on May 6 (Chrome versions _11.0.696.68 _and later have the newest Flash version).

Remember that if you use Internet Explorer in addition to other browsers, you will need to apply this update twice: Once to install the Flash Active X plugin for IE, and again to update other browsers, such as**Firefox and Opera.**Updates are available by browsing with the appropriate browser to the Flash Player Download Center. Bear in mind that updating via the Download Center involves installing Adobe’s Download Manager, which may try to foist additional software. If you’d prefer to update manually, the direct installers for Windows should be available at this link. If you run into problems installing this update, you’ll want to uninstall previous versions of Flash Player and then try again.

Adobe says Flash Player 10.3 includes a new auto-update notification mechanism for the Macintosh platform, which should alert Mac users to new Flash updates (this feature has been available on the Windows platform for a while now).

Source : https://krebsonsecurity.com/