Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Adobe patches second Flash zero-day in 9 days

Gregg Keizer, Computerworld | June 15, 2011
For the second time in nine days, Adobe on Tuesday patched a critical vulnerability in Flash Player that hackers were already exploiting.

Adobe also applied at least four -- and perhaps several more -- patches to Reader X that it had declined to fix in three earlier out-of-band updates going back to March.

Although the company had patched older editions in those updates, it had not fixed Reader X, saying each time that because the program's "sandbox" prevented malware from affecting the computer, it would instead wait for Tuesday's already-scheduled quarterly update.

Reader X, which Adobe rolled out last November, includes anti-exploit sandbox technology designed to isolate the program from the rest of the system. Theoretically, the sandbox ensures that malware which does launch inside Reader X can't escape to infect the PC or Mac.

According to Adobe, none of the Reader vulnerabilities patched Tuesday have been exploited in the wild.

At the same time it shipped the Flash Player and Reader security refreshes, Adobe also patched 24 vulnerabilities in Shockwave Player, two in LifeCycle Data Services and Blaze DS -- a live streaming service and data push service, respectively -- and two in ColdFusion, an Adobe development platform.

The patched versions of Reader and Flash Player can be downloaded from Adobe's Web site. Alternately, users can run the programs' integrated update tool or wait for the software to prompt them that a new version is available.

 

Previous Page  1  2 

Sign up for MIS Asia eNewsletters.