The seventh major update to OS X this year includes a fix that stems from a vulnerability Apple patched in the iPhone earlier this year but apparently never scrubbed on OS X. According to security vendor Core Security – which said it released details about the flaw ahead of Apple’s advisory after waiting nearly three months for Apple to fix it — the vulnerability is a variation of the flaw exposed this summer that helped iPhone users jailbreak devices running iOS4. Apple fixed that bug in the iPhone shortly after the exploit was released, but until last week the flaw remained a weak spot in OS X 10.5/Leopard systems, Core said.
Posts Tagged: adobe flash player
Adobe on Thursday released an update to its Flash Player software that fixes at least 18 security vulnerabilities, including one that is being exploited in targeted attacks.
The Flash update brings the latest version to v 10.1.102.64. To find out if your computer has Flash installed (it almost certainly does) and what version it may be running, go here. The new version is available from this link, but be aware that if you accept all of the default settings, the update may include additional software, such as a toolbar or anti-virus scanner.
If you’d like to avoid Adobe’s obnoxious Download Manager and all these extras, grab the update from this link instead. Updates are available for Windows, Macintosh, Linux, and Solaris versions of Flash.
If you use Internet Explorer in addition to other browsers, you will need to apply this update twice: Once to install the Flash Active X plugin for IE, and again to update other browsers, such as Firefox or Google Chrome (you may find that Google has already updated their browser with this fix). Also, while it’s not strictly necessary, Adobe recommends that users uninstall the previous version of Flash before updating to the latest copy of Flash. Instructions and tools for removing Flash are here.
More information on the vulnerabilities fixed in this patch is available in the Adobe advisory.
Adobe Systems pushed out a critical security update for its Shockwave Player that fixes nearly a dozen security vulnerabilities. The software maker also is warning that attackers are targeting a previously unidentified security hole in its Acrobat and PDF Reader products.
The Shockwave patch plugs 11 security holes in program, most of which attackers could use remotely to take control over an affected system. Updates are available for Mac and Windows computers, from this link. The latest version is 188.8.131.525. Before you blithely click through the process, keep a lookout for pre-checked “free” software that will install alongside this Shockwave update if you simply accept all the default options. When I tested the Shockwave installer, it included a “free PC performance scan from PC Tools’s Registry Mechanic. I opted to untick the check mark next to that option before proceeding with the rest of the install, which was otherwise uneventful.
Due to Adobe’s huge market share and apparent abundance of as-yet-undiscovered security holes, life with Adobe’s products can feel a bit like playing Whac-a-Mole: Just when you’ve patched one Adobe product it seems like there’s another one under assault by attackers. True to form, Adobe released a separate advisory today warning that hackers were targeting a critical flaw in the latest version of its Acrobat and PDF Reader products.
Adobe said a critical vulnerability exists in Adobe Flash Player versions 10.1.82.76 and earlier, for Windows, Mac, Linux, Solaris, UNIX and Android operating systems. In a security advisory, Adobe warned that the flaw could cause Flash to crash and potentially allow an attacker to seize complete control over an affected system.
Worse still, there are reports that this vulnerability is being actively exploited in the wild against Adobe Flash Player. Adobe’s advisory states that while the latest versions of Adobe Acrobat and Reader also contain the vulnerable Flash components, the company is not aware of attacks against the Flash flaw in those programs.
That last bit may be of little comfort to Adobe Acrobat and Reader users: Last week, Adobe issued a similar advisory warning that hackers were attacking an as-yet unpatched critical flaw in both of those programs.
Adobe said it is in the process of finalizing a fix for the Flash issue and expects to provide an update for Flash Player on Windows, Mac, and Android systems during the week of Sept. 27, 2010. Updates to fix the Flash flaw in Adobe Reader and Acrobat should be ready by the week of October 4, 2010, Adobe said.
Flash is one of those Web components that can be difficult to do without. I often urge readers who use Firefox to install and use the Noscript add-on, which blocks Flash-based content by default and lets the user decide which Flash videos to enable.
As promised, Adobe has released a new version of its Flash Player software to fix a critical security flaw that hackers have been exploiting to break into vulnerable systems. The update also corrects at least 31 other security vulnerabilities in the widely used media player software.
The latest version, v. 10.1, fixes a number of critical flaws in Adobe Flash Player version 10.0.45.2 and earlier. Don’t know what version of Flash you’ve got installed? Visit this page to find out. The new Flash version is available for Windows, Mac and Linux operating systems, and can be downloaded from this link.
Note that if you use both Internet Explorer and non-IE browsers, you’re going to need to apply this update twice, once by visiting the Flash Player installation page with IE and then again with Firefox, Opera, or whatever other browser you use.
Please take a moment to check if you have Flash installed and — if so — to update it: A working copy of the code used to exploit this vulnerability has been included in Metasploit, an open source penetration testing framework. Also note that Adobe likes to bundle all kinds of third party software — from security scanners to various browser toolbars — with its software, so if you don’t want these extras you will need to uncheck the box next to the added software before you click the download button.
The vulnerability that prompted Adobe to issue this interim update (the company had been slated to issue these and other security updates on July 13) also is present in Adobe Reader and Acrobat, although Adobe says it does not plan to fix the flaw in either of these products until June 29.
Note that Flash generally comes with Adobe Download manager, a package that in prior versions has been found to harbor its own security vulnerabilities. The download manager is designed to uninstall itself from machines after a reboot, so to be on the safe side, you may want to reboot your system after updating Flash.
Adobe Systems Inc. today released an updated version of its Flash Player software to fix two critical security holes in the ubiquitous Web browser plugin. Adobe also issued a security update for its Air software, a central component of several widely-used Web applications, such as Tweetdeck.
The Flash update brings the newest, patched version of Flash to v. 10.0.45.2, and applies to all supported platforms, including Windows, Mac and Linux installations. Visit this link to find out what version of Flash you have. The latest update is available from this link.