Tag Archives: adobe

Time to Patch Your Flash

April 15, 2011

If it seems like you just updated your Flash Player software to plug a security hole that attackers were using to break into computers, you’re not probably not imagining things: Three weeks ago, Adobe rushed out a new version to sew up a critical new security flaw. Today, Adobe issued a critical Flash update to eliminate another dangerous security hole that criminals are actively exploiting.

This new update addresses a vulnerability first detailed here at KrebsOnSecurity.com on Tuesday, and Adobe deserves credit for responding quickly with a patch. But there are few things that are simple about updating Flash, which ships in a dizzying array of version numbers and for many users must be deployed at least twice to cover all browsers. In addition, users may have to uninstall the existing version before updating to guarantee a trouble-free install. Also, Adobe Air will need to be updated if that software also is already installed. Finally, fixing this same vulnerability in Adobe Reader and Acrobat will require installing another patch, which won’t be out for at least another 10 days.

New Adobe Flash Zero Day Being Exploited?

April 11, 2011

58 Comments

Attackers are exploiting a previously unknown security flaw in Adobe’s ubiquitous Flash Player software to launch targeted attacks, according to several reliable sources. The attacks come less than three weeks after Adobe issued a critical update to fix a different… Read More »

Spammers Target Kroger Customers

April 1, 2011

58 Comments

Supermarket giant Kroger Company is the latest major business to disclose that its customer list has fallen into the hands of spammers and scam artists.

Test Your Browser’s Patch Status

March 30, 2011

40 Comments

With new security updates from vendors like Adobe, Apple and Java coming out on a near-monthly basis, keeping your Web browser patched against the latest threats can be an arduous, worrisome chore. But a new browser plug-in from security firm Qualys makes it quick and painless to find and patch outdated browser components.

Adobe: Attacks on Flash Player Flaw

March 14, 2011

24 Comments

Adobe warned today attackers are exploiting a previously unknown security flaw in its Flash Player software. The company said the same vulnerability exists in Adobe Reader and Acrobat, but that it hasn’t yet seen attacks targeting the bug in those programs.

Patch Tuesday, Etc.

March 8, 2011

35 Comments

Microsoft has issued security updates to fix at least four security holes in its Windows operating system and other software. Not exactly a fat Patch Tuesday from Microsoft, but depending on how agile you are in updating third-party applications like Flash, iTunes and Shockwave, you may have some additional patching to do.

Adobe, Microsoft, WordPress Issue Security Fixes

February 9, 2011

32 Comments

Talk about Patch Tuesday on steroids! Adobe, Microsoft and WordPress all issued security updates for their products yesterday. In addition, security vendor Tipping Point released advisories detailing 21 unpatched vulnerabilities in products made by CA, EMC, HP, Novell and SCO.… Read More »

Rap Sheets on Top Software Vendors

December 7, 2010

12 Comments

A new online resource aims to make it easier to gauge the relative security risk of using different types of popular software, such as Web browsers and media players.

Java: A Gift to Exploit Pack Makers

October 11, 2010

69 Comments

I have long urged readers who have no need for Java to remove the program, because failing to keep this software updated with the latest security patches exposes users to dangerous, ubiquitous attacks. In this blog post, I’ll show readers how attacks against Java vulnerabilities have fast emerged as the top moneymaker for authors of the best-selling “exploit kits,” commercial software designed to be stitched into hacked or malicious sites to exploit a variety of Web-browser vulnerabilities.

Take one look at the newest kit on the block – “Blackhole” — and it is plain that Java vulnerabilities continue to be give attackers the most mileage and profit, and have surpassed Adobe flaws as the most successful exploit vehicles.

Security Fix for Critical Adobe Flash Flaw

September 20, 2010

24 Comments

Adobe Systems Inc. today rushed out a software update to remedy a dangerous security hole in its ubiquitous Flash Player browser plugin that hackers have been exploiting to break into vulnerable systems.