Adobe releases six critical patches for Flash, AIR
It's the second time in a week that Adobe has released a fix for Flash
IDG News Service - Adobe Systems released fixes on Tuesday for six critical vulnerabilities affecting its Flash multimedia application and AIR runtime, five of which could allow for remote code execution on a system.
The updates affect Windows, Macintosh, Linux, Google Chrome and users of Android 2.x, 3.x and 4.x devices, Adobe said in its advisory.
The patches address four memory corruption vulnerabilities -- CVE-2012-4163, CVE-2012-4164, CVE-2012-4165 and CVE-2012-4166 -- and an integer overflow vulnerability, CVE-2012-4167. Also fixed is a cross-domain information leak vulnerability, CVE-2012-4168.
"These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system," Adobe said.
Windows and Apple users should use Flash version 11.4.402.265, and the up-to-date Linux version is 22.214.171.124. For Adobe's AIR runtime, which allows Web applications to perform functions outside of a Web browser, Windows and Apple users should move to version 126.96.36.1990.
Last week, Adobe pushed out a fix for Flash for CVE-2012-1535, which the company said had been used in limited attacks. The problem can cause Flash to crash, or, at worst, allow an attacker to take over control of the computer.
The attack is initiated by sending targets a malicious Word document, which contains an exploit targeting the ActiveX version of Flash for the Internet Explorer browser, Adobe said. Security vendor Symantec wrote on Tuesday that it had detected and blocked more than 1,300 attacks since Aug. 10 using the vulnerability.
Send news tips and comments to email@example.com
- Comprehensive Advanced Threat Defense The hot topic in the information security industry these days is "Advanced Threat Defense" (ATD). This paper describes a comprehensive, network-based approach to...
- Advanced Threat Defense: A Comprehensive Approach In this interview, Peter George, president, General Dynamics Fidelis Cybersecurity Solutions, explains why we need more than anti-malware, and what constitutes a comprehensive...
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
- Big Data, Big Mess: Sound Risk Intelligence Through Complete Context This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to...
- Will the Real Endpoint Threat Detection and Response Please Stand Up? This webinar explores new technologies & process for protecting endpoints from advanced attackers as well as the innovations that are pushing the envelope... All Malware and Vulnerabilities White Papers | Webcasts