News

Second Adobe Flash Fix in a Month Released

Adobe released a patch late Tuesday that targets two vulnerabilities in its Flash Player.

Classified as "critical," the fix affects all versions of Flash running on Windows, Macintosh, Linux, Solaris and the Android mobile platform. According to Adobe, if unpatched, "these vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system," the company said in a security bulletin.

The first vulnerability the fix addresses is a "memory corruption vulnerability in Matrix3D." If unattended to, this could lead to a remote code execution attack. The second item addressed patches integer errors that may lead to an attacker exploiting an information disclosure hole.

Both vulnerabilities are receiving a fix before the flaws have been exploited in the open, according to Adobe.

This week's security update arrives only 20 days after Flash's last fix took care of seven vulnerabilities in the company's multimedia platform.

Tuesday's fix from Adobe is noteworthy due to the fact that it is the first update to institute the company's new priority ratings system, unveiled last week on the Adobe Web site.

"We want to be as simple and direct as possible about the real-world risk associated with the vulnerabilities addressed in any given security update, and we decided that adopting a separate priority ranking scheme was the best way to accomplish this," said Adobe's David Lenoe, in a blog post.

The rating system is based on a three-part ranking scale, with updates being labeled either Priority 1, Priority 2 or Priority 3.

Priority 3 fixes are the least severe, and typically take care of issues found in products that are low priorities for attacks. Adobe recommends that they be updated at the discretion of network admins.

Priority 2, which Tuesday's Flash patch is classified as, takes care of exploits that are hard to pull off in Adobe products that have a history of attacks. The company suggests that Priority 2 fixes be rolled out within 30 days of the update being issued.

Finally, Priority 1 updates target exploits that are currently being exploited in the wild. Adobe recommends these be patched within 72 hours of a fix release.

Tuesday's Adobe Flash update can be downloaded here.

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.

Featured

  • Office 365 Attack Simulator Now Supports Attachments

    The Attack Simulator in Office 365 tool has been updated and now has the ability to include message attachments in targeted campaigns, according to a Friday Microsoft announcement.

  • How To Disable Touch Input in Windows 10

    When the touchscreen on your Windows 10 laptop goes bad, there's no reason to throw that baby out with the bath water.

  • Microsoft Previews Windows VM Authentications via Azure Active Directory

    Microsoft on Thursday announced a preview of remote authentications into Windows-based Azure virtual machines (VMs) using Azure AD credentials.

  • Windows Server 20H1 Getting Smaller Containers and Faster PowerShell

    Microsoft is promising to deliver a smaller container size and improved PowerShell performance with its next release of Windows Server.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.