Adobe Releases Out-of-Band Patch
Adobe released an out-of-band security update to address six critical vulnerabilities, all affecting Adobe Flash Player.
One of the six, a cross-site scripting vulnerability identified as CVE-2011-2444, is reportedly being exploited in the wild. The bug is reportedly being used in targeted attacks that involve malicious links sent out to targets through email messages.
Adobe attributed the discovery of CVE-2011-2444 to Google, who, in response to finding the vulnerability, issued an update for the Google Chrome browser to prevent attackers from exploiting the security hole.
Users are strongly advised to apply the patches as soon as possible, especially since exploiting any the addressed vulnerabilities can lead to either remote code execution, or information disclosure.
Note that users who utilize multiple browsers may need to update their other browsers separately. Users can visit this page through all their browsers to check if they have the latest version of Adobe Flash Player installed, and this page to update. Here is the list of Adobe Flash Player versions affected by vulnerabilities addressed in this update:
- Flash Player 10.3.183.7 and earlier
- Flash Player 10.3.183.7 and earlier for network distribution
- Flash Player 10.3.186.6 and earlier for Android
- Flash Player 10.3.183.7 and earlier for Chrome users
We will update this post once we find more information about the exploit.
Post from: TrendLabs | Malware Blog – by Trend Micro
Adobe Releases Out-of-Band Patch
Spotlight
Cloud Computing
- US makes large investment in cyber weaponry
- Wall Street has data security concerns over Bloomberg reporting
- Security in backups means more than just encryption
- Employees must buy into the company policy for better cloud security
Virtualization
- Virtualization-specific challenges could threaten data security
- Evolving threats put security skills in high demand
- Virtualization security requires education, access control management
- Tips for launching effective virtual security tools
Internet Safety
- Virtualization-specific challenges could threaten data security
- Evolving threats put security skills in high demand
- Virtualization security requires education, access control management
- Tips for launching effective virtual security tools
Vulnerabilities & Exploits
CTO Insights
First Line of Defense
Newsletter
Stay up to date with the latest news and information on online threats.
Recent News
- Cloud security group develops third-party certification program
- US makes large investment in cyber weaponry
- SEC may ask for more information after cyberattacks
- FBI trying to train financial execs on cyber threats
Tag Cloud
cloud cloud computing cloud computing security Cloud Security Compliance & Regulations Consumerization Current News cybercrime Data Privacy data security Encryption Government Policy Internet Protection Internet Safety Internet Safety - DO NOT USE Internet Security Malware Mobile Security Mobility Policy Policy - DO NOT USE Privacy Privacy & Policy Private Cloud Public Cloud Reports Research Spotlight threat intelligence threat research Trend Labs Underground Economy virtualization Vulnerabilities Vulnerabilities - DO NOT USE web security web threats
Comments
No comments yet