Adobe on Friday released a new version of its popular Flash Player to patch seven vulnerabilities, according to a bulletin.
A host of websites, including the U.S.-based Center for Defense Information, have been compromised with malicious code in order to target and infect visitors.
Adobe on Friday issued an emergency patch for a critical bug in its Flash Player software that is being used in targeted malware attacks.
Adobe on Wednesday released an update for its Flash Player, which includes a capability for users to receive future updates automatically.
The malicious file spreads thanks to a vulnerability in the popular Adobe Flash software.
A cross-site scripting vulnerability being exploited in the wild has prompted Adobe to issue an update to its Flash Player, a move that may catch security pros off guard.
Adobe has added a beta sandbox feature to its Flash Player running in the Mozilla Firefox browser, the company announced Monday
Adobe patched a dozen bugs on Thursday with an update to its Flash Player.
With the exception of issuing critical security fixes for existing installations, Adobe will no longer develop new versions of Flash for mobile.
Adobe is rushing a fix for a Flash Player vulnerability that is being actively exploited to launch cross-site scripting attacks.
Critical updates were released for Adobe Flash Player, Flash Media Server, Shockwave Player and Photoshop CS5.
An Adobe Flash vulnerability that was fixed this week is being leveraged in widespread but targeted drive-by downloads and spear phishing attacks.
Adobe on Thursday issued a Flash Player update that quashes a number of critical security flaws and introduces an easier way for users to delete Flash cookies.
Adobe is set to release an emergency update on Friday to its Flash Player for Windows, Mac, Linux and Solaris, shoring up a zero-day vulnerability disclosed earlier this week. Users of Flash for Google Chrome will receive the update on Thursday via the browser's auto-update mechanism. Attackers are actively exploiting the flaw under the guise of a legitimate Microsoft Word document, Adobe has warned. The company expects to provide an update no later than the week of April 25 for Adobe Acrobat X and earlier for Windows and Mac, Adobe Reader X for Mac and Adobe Reader 9.4.3 and earlier for Windows and Mac. Adobe Reader X for Windows is expected to be updated with the next quarterly release, scheduled for June 14.
Adobe has its hands full with another Flash zero-day vulnerability, this one being actively exploited to target users under the guise of a legitimate Microsoft Word document.
A fix is expected later today for a critical vulnerability in Adobe Flash Player 10.x and earlier versions used on various operating systems, as well as Reader and Acrobat X. The flaw could cause a crash and enable an attacker to gain control of an affected system. Limited exploits in the wild against Flash Player - embedded in an Excel file and attached to email - have been reported. Adobe stated that it is not aware of attacks targeting Adobe Reader and Acrobat.
Google on Tuesday updated Chrome to close a zero-day flaw in the web browser's version of Adobe Flash Player, ahead of rival browsers Internet Explorer, Firefox, Safari and Opera - and even ahead of Adobe itself. Chrome 10.0.648.134 contains an updated build of Flash Player, which Google received for integration and testing as part of a collaboration with Adobe, an Adobe spokeswoman told SCMagazineUS.com on Thursday. Meanwhile, Adobe on Monday warned that attackers currently are exploiting the flaw through malicious Microsoft Excel files. The software maker is finalizing a fix and plans to patch Flash for Windows, Mac OS X and Linux next week.
Adobe on Monday warned of a "critical" zero-day vulnerability in Flash Player that attackers currently are exploiting through Microsoft Excel files.
Adobe on Tuesday released its quarterly security update, fixing dozens of vulnerabilities, including 29 flaws in its popular PDF viewing software Reader and Acrobat and 13 in Flash Player.
Adobe and Google have partnered to allow Flash to run with sandboxing technology in the Chrome browser, the two companies announced Wednesday. "This first iteration of Chrome's Flash Player sandbox for all [supported] Windows platforms uses a modified version of Chrome's existing sandbox technology that protects certain sensitive resources from being accessed by malicious code, while allowing applications to use less sensitive ones," read a post on The Chromium Blog. The release initially is available to Chrome developer channel users. In November, Adobe released its latest Reader version, X, which includes sandboxing that forces operations that display PDF files to the user to be run inside a confined environment. - DK
A "critical" zero-day vulnerability affecting Adobe Flash Player, Reader and Acrobat is being exploited in the wild, Adobe warned on Thursday.
Users may soon be able to run Flash within an app on an iPhone or iPad.
Adobe on Monday revealed a "critical" vulnerability in Flash Player that can be used by an attacker to take control of a targeted system. The flaw affects Flash versions 10.1.82.76 and earlier for Windows, Macintosh, Linux, Solaris and Android, according to an advisory. The same bug also impacts Adobe Reader 9.3.4 for Windows, Mac and Linux and Acrobat 9.3.4 for Windows and Mac. Adobe is not aware of any public exploits, although there have been reports of them. A fix is scheduled for Sept. 27. Also on Monday, Adobe announced it plans to fast-track its planned quarterly Reader and Acrobat patches by one week, to the week of Oct. 4. The decision comes days after Adobe disclosed a dangerous zero-day vulnerability that is being leveraged in active attacks. — DK
Adobe on Thursday issued an emergency fix for Reader and Acrobat to address a "critical flaw," first disclosed at the Black Hat conference in Las Vegas, that could allow an attacker to compromise a user's system.
Adobe on Tuesday issued fixes for "critical" flaws in its Flash Player. Next week, it plans to release an out-of-band update for Reader and Acrobat.
Adobe on Thursday officially released Adobe Flash Player 10.1 to fix 32 vulnerabilities, some of which could cause an application to crash or allow an attacker to take control of an affected system.
A critical zero-day vulnerability in Adobe Reader, Acrobat and Flash Player is currently being actively exploited by cybercriminals, Adobe has warned.
Adobe on Tuesday pushed out an update for its popular Reader and Acrobat software to remedy two vulnerabilities, one of which could let an attacker execute remote code and take control of an affected system. Users of Reader/Acrobat 9.3 and earlier versions are advised to upgrade to 9.3.1, according to a bulletin. The other flaw corrected by the update is the same one that was patched last week for Flash Player. That bug could enable an attacker to "subvert the domain sandbox and make unauthorized cross-domain requests." — DK
Adobe admitted over the weekend that its popular Flash Player continues to suffer from a crash bug that the company has known about since September 2008. Emily Huang, a product manager, said Saturday in a blog post that the company didn't repair the flaw in Flash Player 10, which shipped soon after it learned about the bug, because of timing. However, the issue, which is not considered a security vulnerability, should have been addressed in subsequent, interim updates. The unresolved bug is expected to be repaired when Flash 10.1 is released this year. "It slipped through the cracks, and it is not something we take lightly," Huang said of the oversight. — DK
A new point of entry has been discovered in Adobe Flash that allows attackers to infect any website which permits visitors to upload content, a researcher claims.
