
If you are a user of Adobe Flash, be sure to apply the latest security update if you want to avoid becoming part of an in-the-wild attack exploiting a vulnerability which currently seems to be targeting users of Internet Explorer on the Windows platform only. Adobe has, however, issued an emergency security patch for Android, Linux and Mac users as well as those with Windows, which kind of suggests it could be indicative of a wider problem with the software.

Adobe is recommending that any users of Flash Player v11.2.202.233 and earlier for Windows, Mac and Linux should update to v11.2.202.235. Android 4.x users of v11.1.115.7 and earlier should update to 11.1.115.8, and Android 3.x users of 11.1.111.8 should move to 11.1.111.9. Users of the Flash Player installed with Google Chrome need do nothing, as the update will have been applied automatically.

The Adobe Security Bulletin (APSB12-09) is rated critical, with the object confusion vulnerability (CVE-2012-0779) being actively exploited in the wild as I write. The exploit arrives in the form of an email with an attachment, and infection can only occur if the user clicks on that attached file to execute it. Once again, it's a message to all those who have itchy link-clicking fingers not to blindly assume that everything they get sent in the mail is OK to look at.

Windows users who opted in to the recently introduced silent update feature will have been protected by the security update as soon as it was made available and need do nothing further in order to protect all web browser clients installed on their system.

Adobe advises users who are unsure which version of Flash they are currently running to access the 'About Flash Player' page, or to right-click on any content running in Flash Player and select "About Adobe (or Macromedia) Flash Player" from the menu. That check will have to be applied for every browser you have installed if you have not applied that silent update feature on Windows.


As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.
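The version thresholds given in the article can be turned into an inventory check. This is an added example, not code from Adobe or from the article's author: the platform keys, the inventory layout and the sample rows are constructed for illustration, and it assumes any release older than the fixed one on a branch needs the update.

```python
import re

# Fixed releases as listed in the article (APSB12-09). The platform keys
# are labels chosen for this example.
FIXED = {
    "desktop": (11, 2, 202, 235),    # Windows, Mac and Linux
    "android4": (11, 1, 115, 8),     # Android 4.x
    "android3": (11, 1, 111, 9),     # Android 3.x
}

# Matches the dotted form (11.2.202.233) and the comma form that Flash
# itself reports, with or without a platform prefix (WIN 11,2,202,233).
_VERSION = re.compile(r"(\d+)[.,](\d+)[.,](\d+)[.,](\d+)")

def parse_version(text):
    """Return a 4-tuple of ints, or None if no version string is found."""
    match = _VERSION.search(text or "")
    return tuple(int(part) for part in match.groups()) if match else None

def check(platform, version_text):
    """Classify one install as 'update', 'ok' or 'review'."""
    fixed = FIXED.get(platform)
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "review"              # unknown platform or unreadable version
    # Assumption: anything older than the fixed release needs the update.
    return "update" if version < fixed else "ok"

def audit(inventory):
    """Return (host, browser, installed, target) for every stale install."""
    stale = []
    for host, browser, platform, version_text in inventory:
        if check(platform, version_text) == "update":
            target = ".".join(map(str, FIXED[platform]))
            stale.append((host, browser, version_text, target))
    return stale

# Constructed sample inventory: one row per browser plug-in, because the
# article notes the check has to be repeated for every installed browser.
SAMPLE = [
    ("pc-01", "Internet Explorer", "desktop", "WIN 11,2,202,233"),
    ("pc-01", "Firefox", "desktop", "11.2.202.235"),
    ("tab-07", "Browser", "android4", "11.1.115.7"),
    ("tab-09", "Browser", "android3", "11.1.111.9"),
    ("pc-02", "Opera", "desktop", "unknown"),
]
```

Rows that come back as 'review' from `check` (an unreadable version or an unlisted platform) are left out of `audit` and need a manual look.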

Last Post by happygeek

Had an interesting chat with a 'security researcher' friend of mine who pondered: is Adobe the new Microsoft as far as being sloppy on the security coding front is concerned, or should we really be pointing the finger of blame in the direction of JavaScript for the problems that both companies face with regards to browser-based exploits?
