Flash player plays back arbitrary program code
Adobe is releasing new versions of its Flash player software to close several security holes. Attackers could plant arbitrary code on affected computers using prepared Flash files in websites or emails.
Adobe's security advisory does not provide details on the holes, explaining only that input is not properly validated and hence could execute planted code. The updates also close a hole allowing Flash files to circumvent the allowScriptAccess option. Updates for Flash player 7 and 8 are available for Linux and Solaris, and also contain bug fixes for older vulnerabilities.
Adobe is encouraging users to make the switch to Flash player 9.0.16.0. The company is also releasing updates for the older versions 8.0.33.0, 7.0.68.0 and 7.0.66.0 for those situations where it is not possible to switch to the 9-series. Because the error effects all platforms for which the Flash player is available, administrators should check the player version on all systems and update as needed.
- Multiple Vulnerabilities in Adobe Flash Player 8.0.24.0 and Earlier Versions, Advisory from Adobe
- Download the current Flash player software
(ehe)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/6/7/2/comingin310_4_kicker-4977194bfb0de0d7.png)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/3/2/3/comingin310_3_kicker-151cd7b9e9660f05.png)
