In association with heise online

09 December 2009, 10:49

Several holes closed in Adobe Flash Player

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Adobe's security updates for Flash Player and 1.5.3 for Adobe Air fix six critical security holes on all platforms that potentially allow attackers to gain control of a system – provided the victim is working at admin privilege level. For an attack to be successful, a user only needs to visit or inadvertently be redirected to a specially crafted web page. In the Windows version, the updates also close a hole in the ActiveX control for Internet Explorer that can be exploited to solicit certain information from a PC.

Adobe recommends that all users of Flash Player and earlier versions switch to the new version. However, the vendor doesn't mention whether the holes can also be found in Flash Player 9 – previous bulletins about Flash Player have always affected both version 9 and version 10. Flash Player can be updated via the auto-update feature. Adobe Air needs to be downloaded manually.

Adobe reports that the various issues, which are caused by problems such as integer overflows and memory flaws, were discovered and reported by external security services, including Fortinet, TippingPoint, the US-CERT and Microsoft.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit