Adobe Releases Patches to Fix 12 Flaws in Flash Player

Adobe Systems released several security patches on July 31, 2009 that address 12 vulnerabilities in its Flash Player. The update fixes a zero-day flaw that malicious-minded people have been exploiting to illegally infiltrate users' computers through Flash.

Among the flaws fixed, one that is most critical relates to memory corruption. Hackers have been exploiting this since early July 2009 through maliciously crafted SWF/PDF files. To exploit this flaw, hackers have been employing drive-by downloads that were hosted on hijacked sites.

Of the twelve problems, three resulted from problems within Microsoft development program. Adobe said that of the total security flaws, ten could be potentially used to launch attacks, with hackers either compromising a system wholly or secretly running malicious code on it.

The company also said that all the patches plugged holes in Flash products installed in Linux, Mac and Windows.

During the 4th week of July 2009, Adobe said that it would patch Flash by July 30, 2009 following reports of assaults against Adobe Reader and Flash. Reportedly, attackers had been hacking into computers with Flash via drive-by downloads on hijacked websites, and aiming at users running Reader through vulnerability within the Flash interpreting program seared into the application.

Tyler Reguly, Senior Security Engineer at nCircle states that Adobe acted fairly fast to prepare and release the fix for which it deserves kudos, as reported by CIO Todau on July 31, 2009.

Reguly further said that the latest updates included a patch to fix MS09-035, the flaw that affected the Active Template Library (ATL) of Microsoft, and added that it was really heartening to find intermediate parties issuing coverage so fast.

Furthermore, Adobe's end-of-week security update comes after Microsoft's out-of-cycle update to plug holes in ATL. The threat is severe, while Adobe's patch fixes problems relating to stack, heap and integer overflow vulnerabilities capable of allowing malware execution.

Thus, Adobe suggests that Adobe Flash Player versions 9.x and 10.x and older should be updated to 9.0.246.0 and 10.0.32.18 and Adobe Reader 9, Acrobat 9 and older editions need to be updated to Reader 9.1.3 and Acrobat 9.1.3.

Related article: Adobe Rates Acrobat Vulnerabilities “Critical”

» SPAMfighter News - 8/19/2009