Ads by TechWords

See your link here
Receive the latest technology news and information.
Security
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
Cloud Computing
View all newsletters




Privacy Policy
 

Macromedia reports critical hole in Flash player

March 4, 2003 12:00 PM ET

IDG News Service - Macromedia Inc. warned yesterday of a "critical" security flaw in the latest version of its Flash animation player and advised users to install a new version that it released on the Web to fix the problem.
The security flaw affects Version 6 of the Macromedia Flash Player, which was released a year ago this month and has been installed on an estimated 75% of PCs worldwide, according to the company.
The vulnerability affects the integrity of the player's "sandbox," which is supposed to act as a cordoned-off area where Flash code retrieved from the Web can be run safely, without access to a user's files. The flaw could allow a malicious hacker to run native code on a user's computer, outside the sandbox, possibly without the user's knowledge, according to information on the company's Web site.
No users had reported having been affected by the problem as of yesterday evening, a Macromedia representative said. Nevertheless, the San Francisco-based company advised users to download a new version of the player -- Version 6.0.79.0 -- from its Web site immediately.
Besides fixing the latest vulnerability, the new version serves as a cumulative patch, fixing other security flaws reported since the product's release, including memory buffer overflows, Macromedia said. It also offers other tweaks intended to boost performance of the product.
The company offered few other details, saying only that the vulnerability was reported to Macromedia "recently" by a third party.
The bulletin, with a link to the download site, is at www.macromedia.com/v1/handlers/index.cfm?ID=23821.
Macromedia sought to assure users of the steps it takes to make its products secure. These include hiring experts outside the company to run "penetration" tests on its products before they are released, it said. The company recently appointed Paul Madar as chief security officer to oversee security in its products.
The company has issued more than 15 security patches, bulletins and notifications over the past year, according to its Web site. It recently implemented a ranking system similar to that used by Microsoft Corp. and other software vendors, designating vulnerabilities as "critical," "important," "moderate" and "low."
"The testing program finds many issues prior to product shipment. But while we strive to improve the program, we can still miss issues," Madar wrote in a recent posting on the company's Web site.
Flash is the most popular format for creating animation for Web sites. In December, the free Flash Player had been installed on 98% of PCs worldwide, or close to half a billion machines, and about three-quarters of them were running Flash Player 6, according to a survey conducted for Macromedia by research company NPD Online.







Reprinted with permission from

IDG.net
Story copyright 2009 International Data Group. All rights reserved.

Jump to comments

Security

Additional Resources

Microsoft
Here are some of the key reasons why you would want to run Unified Access Gateway with DirectAccess.
Microsoft
Review how one energy firm tightened protection and simplified IT work using business-ready security solutions.
Sybase
In this white paper, IDC analyzes the role of next-generation mobile enterprise platforms as organizations seek a more strategic deployment of mobile solutions.

Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.

White Papers & Webcasts

Death to PST Files
Download Now  

Web 2.0, Social Media and the Dark Web - A Web Criminals Paradise?
In this discussion, learn about the challenges of protecting your users from the potentially unsafe content hidden in the "Dark Web".

eGuide: Enterprise Security
Smart Security Strategies for 2010. Read now!  

Disaster Recovery 2008: Reduced Costs and Improved Performance
How long can your Enterprise afford to be without your data? With an accelerated disaster recovery program, you never have to answer this...


IT Jobs