The Register® — Biting the hand that feeds IT

Feeds

Adobe lobs out Flash update to plug 3D security hole

Two critical bugs spark patch rollout rush

By John Leyden, 6th March 2012
  • print
  • alert

Customer Success Testimonial: Recovery is Everything

Adobe has released an out-of-schedule upgrade for its Flash Player software that tackles two serious vulnerabilities.

The cross-platform update is suitable for users of Windows, Mac OS X, Linux and Solaris. Android punters also need to patch their smartphones to guard against possible attack.

The two flaws involve a memory corruption vulnerability in Matrix3D that could lead to malicious code execution, and a lesser information disclosure vulnerability that stems from integer-handling errors in Flash Player. Both flaws were discovered by security researchers at Google.

There's no evidence that either of the bugs have been exploited, but Adobe's decision to release the security patches now, rather than waiting for its next monthly update cycle to come along, indicates that it would be foolish to discount the importance of the flaws simply because they haven't been weaponised.

Vulnerabilities in Adobe Flash, Acrobat and Java have joined traditional holes in browsers as prime targets for malware-pedlars and hackers.

Users need to upgrade to version 11.1.102.63 of Flash Player. This software is bundled in the latest version of Google Chrome. The software is also available direct from Adobe, as explained in a security alert here. ®

Customer Success Testimonial: Recovery is Everything

COMMENTS

House Rules Send Corrections
All Reader Comments (7)
Highly Rated
asdf
Reply Icon

Re: Fools

You mean their decision to be one of the first to outsource to India with their 10 for $1 workers has lead to a decrease in quality? All lies.

1
0
Anonymous Coward

Writing This Correctly

"Vulnerabilities in Adobe Flash, Acrobat and Java have been the worst internet security risks for at least four years now".

1
0
Anonymous Coward
Reply Icon

Re: Fools

It can't be related to India and you are obviously a politically incorrect, racist,<insert some more PC names here> man. You should be reported to the PC police for reeducation.

0
0

More from The Register

Nuke plants to rely on PDP-11 code UNTIL 2050!
Programmers and their walking sticks converge in Canada
178
Bjarne Again: Hallelujah for C++
Plus: Now officially OK to admit you never used STL algorithms
101
Interwebs taunt Sir Jony over Apple eye candy makeover
Hey Ive, Ive... add more unicorns, willya?
79
SCO vs. IBM battle resumes over ownership of Unix
Zombie lawsuit back and wants to suck the brains out of Linux
119
Red Hat to ditch MySQL for MariaDB in RHEL 7
So long, Oracle! Don't let the door hit you on the way out
65
Shy? Socially inadequate? Fiddling with your phone could help
App 'tells the brutal truth' about social inadequates' chatup lines
22
Java EE 7 melds HTML5 with enterprise apps
New release arrives with GlassFish, NetBeans support
12
breaking news
'Office Facebook' firm Tibbr wants you to PAY for mobe-meetings app
Great idea. Punters won't cough for it though
9
breaking news
PM Cameron calls for modern, programmable computers! (We think)
IT education musings to G8 chiefs to mystify IT industry
105
Apple at WWDC: Sleek new iOS, death of the big cats, pint-sized Mac Pro
CEO Cook: 'The biggest change to iOS since the introduction of the iPhone'
151