05
Mar 12

Adobe Patches Critical Flash Flaws


For the second time in less than a month, Adobe has issued an update to fix dangerous flaws in its Flash Player software. The patch addresses two vulnerabilities rated “critical,” but Adobe says it is not aware of active attacks against either flaw.

The fixes being released today address a pair of critical bugs that are present in Adobe Flash Player 11.1.102.62 and earlier versions for Windows, Mac, Linux and Solaris, Flash Player v 11.1.115.6 and earlier versions for Android 4.x, and Flash Player 11.1.111.6 and earlier versions for Android 3.x and 2.x. Adobe says both flaws in today’s release were reported by Google security researchers.

For Windows, Mac, Linux and Solaris users, the newest version is 11.1.102.63, and is available through the Player Download Center. To find out which version of Flash you have installed, visit this page. Users can grab the latest version from the Adobe Flash Player Download Center, although if you’re not careful to untick the check box next to whatever “optional” goodies Adobe tries to bundle with Flash Player (the most common is McAfee Security Scan Plus) you could end up with more than you wanted.

Windows users who browse the Web with Internet Explorer and another browser may need to apply the Flash update twice, once using IE and again with the other browser. Chrome normally auto-updates Flash – often hours or days before the fixes are publicly released for download — although for some reason I still had the vulnerable version 11.1.102.62 installed when Adobe’s security advisory was released today. According to the Chrome Releases blog, Google began pushing out an update last night that includes the new Flash version.

Today’s update comes close on the heels of a critical Flash patch that closed at least seven security holes, including one that was at the time already being exploited to break into vulnerable systems (that one, also, was reported by Google).


30 comments

  1. Hi,

    Firefox + XP, here.

    (1) When I go to the Adobe D/L site,
    I’m offered Flash Player version: 10.3.183.16.

    (2) If I go to MajorGeeks,
    they offer Flash Player version: 11.1.102.63.

    (3) the Question:
    Which is the latest version of Flash Player
    and where should I get D/L from?
    (safely & w/o Adware, of course…)
    Kinda confusing…

    thks for pointers!

  2. Thanks, Tea-Time!

    Weird, your 2 prev. posts (above mine),
    only appeared after I posted my comment.

    btw:
    Is Krebs’s site
    having a CSS styling problem? ~bad-hair day :)

    (Firefox + XP here).

  3. Well,
    this Flash update,
    is getting weirder by the minute.

    (1) I UNinstalled Flash Player v.11.2.102.62.
    (using the official ADOBE Flash Player uninstaller).
    from my Firefox 3.6.27 / XP.

    Ok – v.11.2.102.62 UNinstalled successfully.

    (2) I then INSTALLED Flash Player v.11.2.102.63,
    for Firefox , XP 32 bit -
    from the Adobe site pointed by Tea-Time, (see links above)

    But when I re-opened Firefox,
    it still says
    I have the old Flash Player v.11.2.102.62 installed…

    The Adobe site also detects
    that the old v.11.2.102.62 is still installed.

    Any ideas of what’s happening?

  4. Debbie Kearns

    I think you forgot one thing, Brian: the Adobe Flash Player update for Mac users is 11.1.102.64, NOT 11.1.102.63! Just wanted to point that out to you.

    • Ya, I noticed the same thing. Interesting, that just that tiny number can make one slightly paranoid. :-)

  5. I like to use Ccleaner to check which versions are loaded. Takes only one operation. BTW that recent Mozilla up certainly sneaked through quietly.

  6. Chrome still isn’t pushing the new version to me.

    • Ron Blackwell

      Google has now pushed out the new Chrome update.

      • Yeah! And it TOTALLY failed on Vista Home Premium x64. I can no longer use Chrome – good riddance for all I care, I didn’t like their new EULA.

        So I went to Comodo and got their version of Chrome, and it works WAY better. They pay attention to privacy issues too! All my plugins work better – I could go on and on – - – ]:)

  7. ok – people on the DSLreports thread
    are reporting exactly the same problem -

    They d/l the new Flash Player v.11.2.102.63,
    from Adobe,
    but they get the old Flash Player v.11.2.102.62…

    see most recent posts,
    at the bottom of the DSLreports thread:
    http://goo.gl/dpfKW

    • SFdude, why do you keep mislabeling v. 11.1.102.63 as v. 11.2.102.63?

      • You are right, Debbie.
        It’s 11.1… (NOT 11.2 ) .
        My mistake.

        Anyhow,
        “.63” is finally installed & working fine,
        thanks to Tea-Time’s perseverance.

        I had some Darjeeling Tea later, in his honor.

        • Lol

          Those are my initials, btw. It’s an oxymoron due to the fact that I really don’t even like tea. Heh

  8. Me too. I am having such errors.

  9. Brian;
    All is well now with the site css. It must have been a slow loading of scripts and graphics problem. Or, it was being restored from backups as I was viewing this article.

    I’ll let you know if this happens again on my watch.

    Wiz

  10. I have a feeling that many people like TEA-Time and SFdude keep mislabeling Adobe Flash Player 11.1 as “11.2”! FYI, Adobe Flash Player is NOT 11.2!

  11. Number of security holes in Flash since last time: 20
    Number of security holes in HTML5 video since last time: 0

    Take the no-flash challenge: Uninstall it and don’t use it for one week. Then reinstall it, use it, and evaluate whether the security risk is worth it.

  12. March 6, 2012

    ### BREAKING NEWS ! ### ADOBE PRESENTS: ###

    Adobe SWF Investigator

    Perform quick, comprehensive, analysis of SWF applications

    - http://labs.adobe.com/technologies/swfinvestigator/

    Download and Discuss:
    - http://labs.adobe.com/downloads/swfinvestigator.html
    Discuss SWF Investigator:
    - http://forums.adobe.com/community/labs/swfinvestigator/

    Adobe® SWF Investigator is the only comprehensive, cross-platform, GUI-based set of tools, which enables quality engineers, developers and security researchers to quickly analyze SWF files to improve the quality and security of their applications. With SWF Investigator, you can perform both static and dynamic analysis of SWF applications with just one toolset. SWF Investigator lets you quickly inspect every aspect of a SWF file from viewing the individual bits all the way through to dynamically interacting with a running SWF.

  13. Don’t know if this is a glitch of the newest flash player or a Firefox problem. Today–for no apparent reason–no video (e.g. YouTube et al.) can be adjusted on my XPSP3 system via the video’s own volume or screen size controls. On Firefox, I am stuck with the small image and with the volume controls on my computer and speakers. However, the YouTube et al. on-screen controls work for videos played on IE8.

    Can’t find anything today via Google re this issue. Anyone else encounter it?

    • This evening, the problem disappeared as mysteriously and spontaneously as it appeared. I have no explanation for either.

  14. John David Galt

    I did the Flash update (on Windows XP) and now am going to have to reinstall the old version, because the new one disables the “Download This Video” capability.

    I’m very annoyed that they did this without any prior notice. Could it be that Adobe regards it as a vulnerability when computer owners can download the videos we are viewing with Flash?

    No computer has business being “secure” against its owner.

