Slashdot Mirror

← Back to Stories (view on slashdot.org)

Adobe Pushes Emergency Flash Player Security Fix

Posted by samzenpus on from the slap-on-the-patch dept.

wiredmikey writes "As expected, Adobe today released a security update for its Flash Player. The out of cycle update addresses critical security issues in flash player as well as an important universal cross-site scripting issue. Adobe reported that one of the vulnerabilities (CVE-2011-2444) is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message. To illustrate the importance of keeping systems up to date, including Adobe Flash products, the fact that the RSA cyber attack was executed using a spear phishing attack with an embedded flash file should serve as a friendly reminder. RSA was breached after an employee opened a spreadsheet that contained a zero-day exploit that installed a backdoor through an Adobe Flash vulnerability."

4 of 56 comments (clear)

  1. This has never happened before! by savanik · · Score: 4, Funny

    The sooner we can get rid of Flash, the better. Bring on the HTML5, which will have no security vulnerabilities whatsoever!

  2. Re:Adobe used to mean something.... by Anonymous Coward · · Score: 3, Interesting

    Nation-State Attackers Are Adobe's Biggest Worry: [A]dobe has contacts in the big defense contractors, government agencies and other organizations that are most often the targets of state-sponsored attacks. So when a new attack begins, the company typically hears about it within hours as customers begin to call and report a new threat involving an Adobe product. Now, says Brad Arkin, the senior director of product security and privacy at Adobe, it's at a point where the company's main adversaries are state-sponsored actors. Arkin said that when a new attack involving a zero-day bug in one of Adobe's products starts, it typically will begin with attacks against a select group of high-profile organizations. That usually means defense contractors, government agencies or large financial services companies. [HSEC-1.2; Date: 20 September 2011; Source: http://threatpost.com/en_us/blogs/nation-state-attackers-are-adobes-biggest-worry-092011%5D

  3. Slim version by MrL0G1C · · Score: 3, Informative

    Nice quickly installing slim version, no junk and no download manager etc required:

    IE
    http://fpdownload.adobe.com/get/flashplayer/current/install_flash_player_ax.exe

    Firefox etc
    http://fpdownload.adobe.com/get/flashplayer/current/install_flash_player.exe

    --
    Waterfox - a Firefox fork with legacy extension support, security updates and better privacy by default.
    1. Re:Slim version by David_W · · Score: 3, Informative

      You sir are a gentleman and a scholar. You wouldn't happen to have an MSI would you?

      Funny, I just went looking for such a beast, being sick of fighting with their usual installer...