Patch/Configuration Management, Vulnerability Management

Macromedia urges update to fix Flash flaw

Macromedia announced a vulnerability in its Flash Player 7 program earlier this month, warning users that they could leave PCs open to malicious code.

The company released the advisory on Nov. 2, months after the flaws were reported by eEye Digital Security and Sec Consult in June. In a bulletin on its website, Macromedia said the vulnerability on Flash Player versions and earlier left PCs open to third-party hijackings.

"There was a problem with bounds validation for indexes of certain arrays in Flash Player 7 and earlier, thus leaving open the possibility that a third party could inject unauthorized code that would have been executed by Flash Player," the bulletin reads.

Macromedia recommended that users download Flash Player 8, which contains a fix for the vulnerability. Users of PCs that do not support Flash Player 8, such as Windows 95 or NT or classic Macintosh operating systems should refer to the Flash Player 7 update Technote, according to the advisory.

Steve Manzuik, product manager with eEye, said he believes many companies are not responding quickly enough to vulnerabilities.

"I think it was probably a matter of finding the right patch," he said. "In general, I think everyone is taking too long to respond," he said.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.