Microsoft to patch Flash hole in Windows 8 shortly

h-online: Microsoft has confirmed that it will deliver a security update for the bundled version of Flash Player used by Internet Explorer 10 (IE10) sooner than previously planned. In a statement sent to ZDNet, Yunsun Wee, Trustworthy Computing Director at Microsoft, said that the company is working closely with Adobe on an updated version of the Flash plugin which “will be available shortly”. ...

September 12, 2012 Â· 2 min Â· 281 words Â· Omid Farhang

Adobe Flash Player update patches six critical holes

h-Online: Adobe has released the second update for its Flash Player software in a week, this time for six critical vulnerabilities. Four of the issues addressed are problems with memory corruption that could lead to remote code execution; additionally, the update fixes an integer overflow vulnerability that could also lead to remote code execution. Another bug that was fixed is a cross-domain information leak. The problems exist in Flash Player 11.3.300.271 and earlier versions on Windows, Macintosh and Linux, and in the Android versions 11.1.115.11 (Android 4.0) and 11.1.111.10 (Android 3.x and 2.x) and earlier. ...

August 23, 2012 Â· 2 min Â· 293 words Â· Omid Farhang

Adobe Flash Player 11.3.300.270 for Windows released to address a crash

Adobe wrote: Today, Flash Player 11.3.300.270 for Windows was released to address a crash that was occurring in the Adobe Flash Player Update Service (FlashPlayerUpdateService.exe). There are no other fixes or changes provided with this build. This release is available for Windows only, and affects the Active X and Plug-in installers, uninstaller, and msi’s (available on the distribution page.) No other platforms are affected. ...

August 3, 2012 Â· 2 min Â· 344 words Â· Omid Farhang

Adobe updates Flash Player 11.3 to fix Firefox crashing problem

Adobe has released an updated version of its proprietary Flash Player 11.3 plugin to address a bug that caused Firefox 13 on Windows to crash for some users. The problem is believed to have been related to the recently introduced Protected Mode for the Windows version of Flash Player and the open source web browser; the new mode is designed to isolate the plugin from the rest of the system by running it in its own sandbox. ...

June 23, 2012 Â· 1 min Â· 175 words Â· Omid Farhang

Sandboxed Flash Player for Firefox: Adobe Flash update closes several critical holes

The H-Online: Adobe has announced the release of an update for Flash Player on Windows, Mac, Linux, Android 3.x and 4.x, and within its own AIR runtime. The update addresses several critical vulnerabilities which involve memory corruption, stack overflows, integer overflows, security being bypassed, null dereferencing and binary planting (DLL hijacking). All, except the security bypass, could lead to code execution. ...

June 9, 2012 Â· 2 min Â· 315 words Â· Omid Farhang

Adobe Flash Player update closes critical object confusion hole

The H-Online: Adobe has released a security advisory relating to an object confusion vulnerability which allows an attacker to crash the player or take control of an affected system. Adobe says that there are reports of this vulnerability being exploited in the wild as part of targeted email-based attacks which trick the user into clicking on a malicious file; this exploit only targets Flash Player on Internet Explorer on Windows, though the vulnerability exists on Windows, Mac OS X, Linux and Android versions of the player. ...

May 5, 2012 Â· 2 min Â· 214 words Â· Omid Farhang

Adobe Flash enables auto-updating while patching two critical flaws

SophosLabs: Adobe released Flash Player version 11.2.202.228 for Windows, OS X and Linux today. In my view this is a milestone release as it finally introduces an automatic, silent updating mechanism to help users stay current with the latest releases from here forward. Google Chrome users may consider themselves spoiled, as they have been enjoying the worry-free joy of automatic updating of both their browser and integrated plugins like Flash Player for quite some time. ...

March 29, 2012 Â· 1 min Â· 190 words Â· Omid Farhang

Flash Player update plugs exploited hole

H-Online: Adobe has released updates for Flash Player closing seven holes in the application. Six of the holes can be exploited to allow an attacker to infect a PC using crafted web pages. The seventh is a cross site scripting hole that Adobe says is already being exploited in “active targeted attacks”. The attacks, which are only aimed at Internet Explorer on Windows, try to trick the user into clicking on a malicious link. Adobe say the hole “could be used to take actions on a user’s behalf on any website or webmail provider, if the user visits a malicious website”. ...

February 16, 2012 Â· 2 min Â· 231 words Â· Omid Farhang

Adobe releases beta version of sandboxed Flash for Firefox

The H-Online: Adobe has released a public beta of a sandboxed version of its Flash plugin for Firefox in an effort to improve its security. The new “Protected Mode” for Flash, which has been in development for at least a year according to Adobe engineer Peleus Uhley, runs with restricted privileges and, to further limit its access to the system, can only access system resources through a broker. This should help intercept attackers trying to gain access to a system through malicious Flash files. ...

February 7, 2012 Â· 2 min Â· 256 words Â· Omid Farhang

Expert says Adobe omits mention of 400 Flash Player flaws

H-Online: Officially, Adobe’s current update for Flash Player has closed only 13 holes, but unofficially it is said to have closed several hundred. Security specialist Tavis Ormandy, who works for Google, claims that he discovered 400 holes and notified Adobe of them. The specialist has now complained that, while the holes have been closed, they haven’t been mentioned in the official advisory, and he hasn’t been given credit for their discovery. ...

August 12, 2011 Â· 2 min Â· 268 words Â· Omid Farhang