Adobe releases six critical patches for Flash, AIR
It's the second time in a week that Adobe has released a fix for Flash
IDG News Service - Adobe Systems released fixes on Tuesday for six critical vulnerabilities affecting its Flash multimedia application and AIR runtime, five of which could allow for remote code execution on a system.
The updates affect Windows, Macintosh, Linux, Google Chrome and users of Android 2.x, 3.x and 4.x devices, Adobe said in its advisory.
The patches address four memory corruption vulnerabilities -- CVE-2012-4163, CVE-2012-4164, CVE-2012-4165 and CVE-2012-4166 -- and an integer overflow vulnerability, CVE-2012-4167. Also fixed is a cross-domain information leak vulnerability, CVE-2012-4168.
"These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system," Adobe said.
Windows and Apple users should use Flash version 11.4.402.265, and the up-to-date Linux version is 22.214.171.124. For Adobe's AIR runtime, which allows Web applications to perform functions outside of a Web browser, Windows and Apple users should move to version 126.96.36.1990.
Last week, Adobe pushed out a fix for Flash for CVE-2012-1535, which the company said had been used in limited attacks. The problem can cause Flash to crash, or, at worst, allow an attacker to take over control of the computer.
The attack is initiated by sending targets a malicious Word document, which contains an exploit targeting the ActiveX version of Flash for the Internet Explorer browser, Adobe said. Security vendor Symantec wrote on Tuesday that it had detected and blocked more than 1,300 attacks since Aug. 10 using the vulnerability.
Send news tips and comments to email@example.com
- Deep Security +VMware vSphere with Operations Management Most midsize organizations are highly virtualized on VMware, and while this has produced significant savings, it also has created new challenges when it...
- 3 Questions to Ask Your DNS Host about Lowering DDoS Risks Neustar has had wide-ranging conversations with clients wanting to know how they can optimize protection as DDoS attacks increase in frequency and size.
- The Danger Deepens: 2014 Neustar Annual DDoS Attacks and Impact Report This report compares DDoS findings from 2013 to 2012, based on a survey of 440 North American companies, including 139 businesses delivering technology...
- DDoS Infographic: How Are Attacks Evolving? For the third consecutive year, Neustar surveyed businesses across major industries to track the evolution of DDoS attacks. Are they more frequent? Larger?...
- How to Use Crowd-Sourced Threat Intelligence to Stop Malware in its Tracks Threat sharing networks have been around for a long time, however they have typically been "invitation-only", available to only large companies, or those...
- An Incident Response Playbook: From Monitoring to Operations As cyber-attacks grow more sophisticated, many organizations are investing more into incident detection and response capabilities. In this webcast, learn how to develop... All Malware and Vulnerabilities White Papers | Webcasts