Second Adobe Flash Fix in a Month Released -- Redmondmag.com

Second Adobe Flash Fix in a Month Released

By Chris Paoli
03/06/2012

Adobe released a patch late Tuesday that targets two vulnerabilities in its Flash Player.

Classified as "critical," the fix affects all versions of Flash running on Windows, Macintosh, Linux, Solaris and the Android mobile platform. According to Adobe, if unpatched, "these vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system," the company said in a security bulletin.

The first vulnerability the fix addresses is a "memory corruption vulnerability in Matrix3D." If unattended to, this could lead to a remote code execution attack. The second item addressed patches integer errors that may lead to an attacker exploiting an information disclosure hole.

Both vulnerabilities are receiving a fix before the flaws have been exploited in the open, according to Adobe.

This week's security update arrives only 20 days after Flash's last fix took care of seven vulnerabilities in the company's multimedia platform.

Tuesday's fix from Adobe is noteworthy due to the fact that it is the first update to institute the company's new priority ratings system, unveiled last week on the Adobe Web site.

"We want to be as simple and direct as possible about the real-world risk associated with the vulnerabilities addressed in any given security update, and we decided that adopting a separate priority ranking scheme was the best way to accomplish this," said Adobe's David Lenoe, in a blog post.

The rating system is based on a three-part ranking scale, with updates being labeled either Priority 1, Priority 2 or Priority 3.

Priority 3 fixes are the least severe, and typically take care of issues found in products that are low priorities for attacks. Adobe recommends that they be updated at the discretion of network admins.

Priority 2, which Tuesday's Flash patch is classified as, takes care of exploits that are hard to pull off in Adobe products that have a history of attacks. The company suggests that Priority 2 fixes be rolled out within 30 days of the update being issued.

Finally, Priority 1 updates target exploits that are currently being exploited in the wild. Adobe recommends these be patched within 72 hours of a fix release.

Tuesday's Adobe Flash update can be downloaded here.

About the Author

Chris Paoli (@ChrisPaoli5) is the associate editor for Converge360.

Featured

What's Inside Microsoft 365's Security Toolbox?

Microsoft provides plenty of native tools to secure Microsoft 365. IT pros just have to know where to look.
Microsoft Kills 30-Day Data Retention Policy for Copilot in Fabric

Microsoft this week announced several usability improvements coming to Copilot in Fabric in preparation of its general availability release later this year.
Using Microsoft Office to Build a Network Diagram 2

Now that we've set up our process, let's dig in with the actual execution.
Microsoft Graph 'Activity Logs' Feature Goes Live

Microsoft announced the general availability of the "activity logs" capability in Microsoft Graph, giving administrators more options to track user activity and identify patterns of potential misuse.
Fallout from Microsoft's 'Midnight Blizzard' Saga Hits Feds

When the Russian attack group Midnight Blizzard successfully breached Microsoft corporate e-mail accounts late last year, it apparently managed to steal U.S. government agency e-mails, too.