Adobe Flash patched after zero-day attacks

Adobe has issued an urgent patch for Flash Player after discovering a zero-day cross-site scripting vulnerability that is being exploited by email-borne attacks.

Anyone with Flash Player or earlier for Windows, Mac, or Linux should update to ( for ActiveX) as soon as possible to address the CVE-2011-2107 vulnerability, rated as “important” rather than critical. The same flaw affects Flash running on Android devices, which the company said it would address in a separate fix this week.

Despite the lower security billing under the Common Vulnerabilities and Exposures (CVE) system, the patch was considered serious enough for Adobe to fix outside its normal monthly cycle, all part of the company’s reformed ‘beter safe than sorry’ attitude to patching in the wake of repeated attacks on its plug-ins during 2008, 2009, and 2010.

Users can check which Flash Player they have installed by visiting Adobe’s version-checking website. This should install automatically this week but can also be manually installed from Adobe’s site. 
Rapid patching is now necessary, almost regardless of the criticality of a bug. Only two weeks ago a report by vulnerability management company Qualys found that browser plug-ins are now the biggest area of vulnerability in many PCs. Forty percent of scanned PCs were found to be running a vulnerable version of Java, double the percentage for Flash, which has improved its score in recent times. 
Adobe has in also in recent time retrofitted sanboxes to its Flash Player and Reader software in an effort to minimise what attackers can do using exploits. Researchers have managed to find ways around this technology, however.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Related Tech News

CDN in your inbox

CDN delivers a critical analysis of the competitive landscape detailing both the challenges and opportunities facing solution providers. CDN's email newsletter details the most important news and commentary from the channel.