Critical hole in Linux Flash Player
Adobe has alerted users to a critical vulnerability in the Adobe Flash Player for Linux. Windows and Mac OS X users are not affected by this problem. According to Adobe, by using a specially crafted SWF file, an attacker can take control of a Linux system. We presume that this only works if the user works with root rights. Adobe have not disclosed further details on the problem.
All Linux versions of the Adobe Flash Player prior to and including 10.0.12.36 and 9.0.151.0 are affected. Adobe recommends that users update to version 10.0.15.3. For users who cannot upgrade to 10.0.15.3 for technical reasons, Adobe has released a patched version of Flash Player 9, version 9.0.152.0. In both cases, the process will involve a manual download and installation.
See Also:
- Security update available for Linux Flash Player 10.0.12.36 and Linux Flash Player 9.0.151.0, advisory from Adobe
(djwm)