Adobe patches critical Flash bugs, ships sandboxed plug-in for Firefox
Also delivers silent updater for OS X, readies Flash for Mountain Lion
Computerworld - Adobe today patched seven critical vulnerabilities in Flash Player -- the fifth security update so far in 2012 -- and released a sandboxed plug-in for Mozilla's Firefox.
The company also released the "silent update" tool for OS X, and said it had prepped Flash for the upcoming OS X 10.8, aka Mountain Lion, by signing its code, a requirement if users are to install software downloaded from sources other than Apple's own Mac App Store.
"These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system," said Adobe in an advisory published Friday.
The flaws were all over the map, and included memory corruption, integer and stack overflow, and security bypass bugs. One of the seven was tagged as a "binary planting" vulnerability in the Flash installer.
"Binary planting" is a synonym for what others call "DLL load hijacking," a bug class first uncovered nearly two years ago by HD Moore, chief security officer at Rapid7 and creator of the open-source Metasploit penetration-testing toolkit.
Because many Windows applications don't call DLLs using a full path name, instead using only the filename, hackers can trick an application into loading a malicious file with the same title as a required DLL.
Unlike the last Flash security update, which Adobe issued May 4, today's bug patches are for vulnerabilities that the company has not seen exploited in the wild.
Among those Adobe credited for reporting the vulnerabilities was a researcher from the Google Chrome team, another from Symantec and two engineers who work for Microsoft.
Microsoft and Adobe have been working even closer than usual of late: Last week, Microsoft announced that it had, with Adobe's help, integrated Flash Player into the Metro version of Internet Explorer 10 (IE10).
That move seemed to contradict Microsoft's earlier promise that it would not allow plug-ins -- Flash Player is probably the most widely-used browser plug-in on the planet -- in IE10 on Metro, the new tablet-oriented user interface (UI) within Windows 8 and the sole mode on Windows RT.
Also included in Flash Player 11.3 was a sandboxed plug-in for Firefox and the promised silent update tool for OS X users.
Adobe first talked about sandboxing Flash for Firefox in February, when it released a beta version of the plug-in for that browser on Windows Vista and Windows 7.
- Top 12 Laptop Bags for Mobile Pros
- Think Deleted Text Messages Are Gone Forever? Think Again
- 7 New Faces of the C-suite
- 5 Ways CIOs Can Rationalize Application Portfolios
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The Threat Landscape Hardly a day goes by without the discovery of a new cyberthreat somewhere in the world! But how do you keep up with...
- Security for Virtualization In the rush to implement virtualization, security has become second. So while the business benefits are clear, the risks are less well documented...
- Infographic: Team Effectiveness Work is changing. We're global, mobile and distributed - we're virtual teams. This infographic illustrates our 2013 survey of over 1700 people around...
- Unify top five predictions in enterprise communications for 2014 Around the globe, a new way to work is taking hold - and 2014 will be a turning point.
- Four Myths of High-Productivity App Dev Debunked Debunk the main myths surrounding high-productivity application development and how both platforms have overcome them.
On-Demand Webcast: 7 Reasons to Choose VoIP
Thinking about a new phone system for your business?
Be sure to watch this informative webcast. Steve Strauss, small business columnist for USA...
All Malware and Vulnerabilities White Papers |