Adobe patches critical security flaw
By Chris Taylor
23/09/2011
Software firm Adobe has patched six critical vulnerabilities in its Flash platform in response to weaknesses affecting Google's email platform Gmail amongst others.
The latest scare for Gmail users, identified as 'CVE-2011-2444', is extraordinarily similar to an email attack in June. Once again, it was Adobe's rich-multimedia platform Flash that was responsible for the vulnerability.
Google itself informed the firm of the threat.
In a security advisory notice, Adobe recommended all Flash users apply the latest updates for their product installations. Enterprises with patch management software should however be protected automatically.
Network World specifically described the problem as "a cross-site scripting (XSS) vulnerability, a class of bugs often used by identity thieves to steal usernames and passwords from vulnerable browsers." It added that in this case, "browsers were not directly targeted; rather, attackers exploited the ubiquitous Flash Player browser plug-in."
Adobe said that the flaw affected versions of Flash Player 10.3.183.7; including earlier versions for Windows, Macintosh, Linux and Solaris. Meanwhile Flash Player 10.3.186.6 was also an issue for Android devices.
The Inquirer says that other patched vulnerabilities include the ability to launch arbitrary code executions from within the AVM stack, a denial of service condition, a Flash security bypass exploit, and two instances of remote code execution logic errors.
