Flash

H-Online: Adobe has released updates for Flash Player closing seven holes in the application. Six of the holes can be exploited to allow an attacker to infect a PC using crafted web pages. The seventh is a cross site scripting hole that Adobe says is already being exploited in “active targeted attacks”. The attacks, which are only aimed at Internet Explorer on Windows, try to trick the user into clicking on a malicious link. Adobe say the hole “could be used to take actions on a user’s behalf on any website or webmail provider, if the user visits a malicious website”. ...

Avira TechBlog: Today is a busy day for those who want to keep their computers secure: Many updates are available, from Adobes Flash Player over Apples Mac OS X operating system to the Firefox web browser. There is a security vulnerability in Flash player which became public as a zero day vulnerability a week ago. It has been attacked in a limited fashion. Now Adobe released this security update which users can download from the website of the company. As this security vulnerability already gets actively exploited, users and administrators should apply the update immediately. ...

Mashable: Monday night, Adobe released a new, experimental Flash-to-HTML5 conversion tool codenamed Wallaby. Wallaby is an AIR app that lets devs and designers quickly and simply convert Flash Professional files to HTML5— and when we say “simply and easily,” we mean it’s a matter of dragging and dropping. The company is specifically hoping this tool will make it easier for designers and developers to get their content onto iOS devices like the iPhone and iPad. ...

This is amazing news indeed. Its has been feature talk with many of clients and colleagues all long for many years. Currently almost any text a user can see as they interact with a SWF file on your site can be indexed by Googlebot and used to generate a snippet or match query terms in Google searches. Additionally, Googlebot can also discover URLs in SWF files and follow those links, so if your SWF content contains links to pages inside your website, Google may be able to crawl and index those pages as well. ...

The Redmond company today published its announcement for the upcoming November Patch Tuesday. Microsoft wants to release 3 security bulletins which deal with 11 security vulnerabilities within Office and PowerPoint (up to the brand new Office 2011 for Mac) and Forefront Unified Access Gateway. A patch for the just recently detected 0-day vulnerability in Internet Explorer is not in the list. Adobe meanwhile ships an update for the Flash Player to version 10.1.102.64 today and plans one for the Reader and Acrobat next week. The Flash update is available via the Download Center and fixes the“authplay” vulnerability which got public last week. But the company has to deal with a new security vulnerability as well. It’s not yet exploited and it remains currently unknown whether it is exploitable to infect PCs with malware, but Adobe investigates the flaw. On a public security list a so-called Proof-of-Concept (PoC) has been published which just shows a Denial-of-Service attack. ...

Avira TechBlog: Adobe warns of a new vulnerability in Flash Player and in Reader. The problem is within authplay.dll and the corresponding .lib in the Unix versions. It allows attackers to inject malicious code like Trojans with specially prepared documents or Flash objects. The company works on a patch which it plans to release on the 9th of November. Until then, deleting the authplay library helps to prevent a successful attack. Flash or Reader will crash then when a file requests the services from authplay, but this is clearly better than having an infected system. ...

Adobe fixed the vulnerability in Flash Player in a record time again. Just one week after the 0-day became public and started to get exploited, an update is available to close the security hole. Even though Adobe Reader and Acrobat are affected (which are supposed to get an update in 2 weeks), until now we’ve only seen exploits against the Windows Flash Player. Users and administrators should update their Flash Player as soon as possible! The version 10.1.85.3 fixes the issue for Windows, Unix, Solaris and is available through Adobe’s download center. Android users can get the update to 10.1.95.1 on the Android Market Place. ...

Flash, sharply rejected by Jobs and Company, has moved on to Apple’s competitors, hoping for a warm welcome and the promise of a place in the mobile market. While Apple CEO Steve Jobs’ recent open letter deploring Adobe’s Flash managed to do little in terms of settling the argument as to who was right in the debate, it did point out many of the problems with the oft-buggy software that may indeed plague the smartphone experience. ...

Adobe has fired back against Apple’s recent ban on building iPhone apps via Flash. And this time, Adobe’s not pulling any of punches. In a recent blog post on The Flash Blog, Adobe Platform Evangelist Lee Brimelow goes on the offensive for seven paragraphs, ripping into Apple’s recent change to its iPhone Developer Program License Agreement that only allows for applications to be written in Objective-C, C, C++ or Javascript and executed by the iPhone OS WebKit engine. In fact, the post was so strong that Adobe asked Brimelow to delete a segment. ...

Today, Apple revised its iPhone Developer Program License Agreement to effectively ban the use of the Flash-to-iPhone converter. Throughout 2010, Steve Jobs and Apple made it very clear that they do not like Adobe. At all. They prominently left Flash off the iPad, instead promoting HTML5 at every opportunity. For some time now, though, Adobe’s had a tool to circumvent Apple’s ban on Flash for the iPhone and iPad: the Adobe Creative Suite 5 Flash-to-iPhone converter, which would have allowed developers to create apps in Flash and then port them over into iPhone. ...