Adobe Issues Security Updates for Flash Player Vulnerabilities

Adobe, recently, issued a security patch on June 14, 2011 to fix a critical flaw within its Flash Player which cyber-criminals reportedly were abusing. Computerworld.com published this on June 15, 2011.

The software maker, which detected the flaw as CVE-2011-2110, said it existed within the latest version 10.3.181.26 of Flash Player affecting Macintosh, Solaris, Windows and Linux.

The company cautions, the flaw when exploited corrupts memory that can result in a crash as well as potentially let hackers compromise the affected computer. Additionally Adobe says that attackers are exploiting this vulnerability in personalized assaults through malevolent websites. Softpedia.com published this on June 15, 2011.

Evidently, the zero-day vulnerability is the 4th one found within Flash Player starting March 2011, while it's the 2nd during June 2011.

Beside the patch for Flash, Adobe has further plugged 13 fresh security holes within its Reader. There are no less than 17 patches for ReaderX latest edition.

Moreover, except for 2 bugs in the total 13, Adobe rated all the remaining bugs as "critical" that similar to Apple doesn't use a system for multi-label scoring to rate vulnerabilities. Rather, Adobe describes the flaw as "could result in remote code execution" for pointing out that cyber-criminals are likely to manage compromise the computer as well as install malicious code onto it via exploiting the flaw.

Incidentally, among Adobe's 12 fresh flaws are included, buffer as well as heap overflow vulnerabilities, memory corruption flaws, a DLL file compromising bug, a bug labeled "security bypass," and an XDS or cross-document scripting vulnerability.

States Adobe that the "security bypass" flaw is a Reader X-specific flaw, which given particular conditions, allows a hacker to compel the browser plug-in of Reader pull down a non-PDF document. Computerworld.com reported this.

Remarking about Adobe's newest patches, Jason Miller Research and Development Manager at VMware stated that administrators had been long waiting for a few of them. Eweek.com published this on June 14, 2011.

Additionally McAfee researchers said that all through 2010, malware writers had abundantly exploited vulnerabilities within Flash as also PDF technologies; consequently, it was necessary that administrators treated Adobe fixes as a-priori issue. Eweek.com reported this.

Related article: Adobe Rates Acrobat Vulnerabilities “Critical”

» SPAMfighter News - 6/24/2011