Adobe has released a new security update for Flash Player that fixes several critical security vulnerabilities in the product. The vulnerabilities affect all platforms Flash Player is available on. Affected software versions are Adobe Flash Player 11.1.102.55 and earlier for Windows, Macintosh, Linux and Solaris operating systems, as well as Adobe Flash Player 11.1.112.61 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.5 and earlier versions for Android 3.x and 2.x.
Adobe users can test the version of their Flash Player installation at the about page on the Adobe website. There they see the installed version and the latest version available. Flash Player needs updating if the installed version is lower than the most recent version.
Android users can verify the version of Flash Player by going to Settings > Applications > Manage Applications > Adobe Flash Player x.x.
Adobe recommends to update Flash Player to the latest version as soon as possible to protect the system from attacks targeting the vulnerabilities.
The patch fixes vulnerabilities that could allow an attacker to cause a crash on the system to take control of it, and a single cross-site scripting vulnerability that could allow an attacker to take actions on ” a user’s behalf on any website or webmail provider, if the user visits a malicious website”. Adobe notes that the cross-site scripting vulnerability is actively exploited by attackers who try to trick users into clicking on a malicious link in email messages.
Google Chrome users have received the update automatically. A download at the official Flash Player download center is recommended for all other desktop operating systems. Android users find the latest Flash Player version on Android Market.
Flash Player users who cannot update to Flash Player 11 can download a patch for Flash Player 10.x from this Knowledge Base article.
0 comments:
Post a Comment