In association with heise online

31 July 2009, 10:37

Adobe fixes numerous holes in Flash Player and AIR

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Adobe has released updates for Flash Player and AIR to close a total of twelve security holes. The vulnerabilities include the recently discovered hole that allows attackers to gain control of a PC via specially crafted web pages. This hole also affects Adobe Reader and Acrobat, for which Adobe plans to release updates before the end of the day. In Reader and Acrobat, the hole can be exploited via specially crafted PDF files that include Flash content.

The vulnerability is already actively being exploited through specially crafted PDF files and through manipulated web pages (drive-by downloads). According to reports, the drive-by exploit affects users running Internet Explorer and Firefox.

The Flash and AIR updates fix five further critical bugs that involve heap and buffer overflows and allow the injection of arbitrary code. Adobe has also solved the ATL problem and a click-jacking vulnerability. The vendor recommends that users update to versions 9.0.246.0 or 10.0.32.18 of Flash and AIR version 1.5.2 immediately, for example via the integrated update feature.

The Flash updates are available to download for Windows, Mac, Linux and Solaris. Users can determine which version they have installed by accessing this page: Adobe Flash Player. The AIR update is available for Windows, Mac and Linux.

See also:

(crve)

Print Version | Send by email | Permalink: http://h-online.com/-742745
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit