Second Adobe Flash Fix in a Month Released

Adobe released a patch late Tuesday that targets two vulnerabilities in its Flash Player.

Classified as "critical," the fix affects all versions of Flash running on Windows, Macintosh, Linux, Solaris and the Android mobile platform. If unpatched, "these vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system," the company said in a security bulletin.

The first vulnerability the fix addresses is a "memory corruption vulnerability in Matrix3D." If left unpatched, this could lead to a remote code execution attack. The second fix addresses integer errors that could allow an attacker to exploit an information disclosure hole.

Both vulnerabilities are receiving a fix before the flaws have been exploited in the open, according to Adobe.

This week's security update arrives only 20 days after Flash's last fix took care of seven vulnerabilities in the company's multimedia platform.

Tuesday's fix from Adobe is noteworthy because it is the first update to use the company's new priority ratings system, unveiled last week on the Adobe Web site.

"We want to be as simple and direct as possible about the real-world risk associated with the vulnerabilities addressed in any given security update, and we decided that adopting a separate priority ranking scheme was the best way to accomplish this," said Adobe's David Lenoe, in a blog post.

The rating system is based on a three-part ranking scale, with updates being labeled either Priority 1, Priority 2 or Priority 3.

Priority 3 fixes are the least severe, and typically take care of issues found in products that are low priorities for attacks. Adobe recommends that they be updated at the discretion of network admins.

Priority 2, the classification given to Tuesday's Flash patch, covers exploits that are hard to pull off in Adobe products that have a history of attacks. The company suggests that Priority 2 fixes be rolled out within 30 days of the update being issued.

Finally, Priority 1 updates target flaws that are currently being exploited in the wild. Adobe recommends these be patched within 72 hours of a fix release.

Tuesday's Adobe Flash update can be downloaded here.

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.
