Software maker Adobe has released yet another security update for Adobe Flash (version 220.127.116.11), addressing a bug on Flash’s Matrix3D class that could be used to enable attackers to corrupt system memory, and (in theory) gain control of a system. The update applies across a broad range of Adobe’s Flash offerings, impacting Flash for Windows, Mac OS X, Linux, Solaris, and Android. Users can download and install the update for free from Adobe’s Web site; users who can’t update to Flash 11 can download a version of Flash Player 10 that fixes the same vulnerability. Android users should get new versions of Flash from the Android Market: folks with Android 3.x and 2.x devices should update to Flash Player 18.104.22.168; folks far enough ahead of the curve to have Android 4 Ice Cream Sandwich can grab Flash 22.214.171.124. Google Chrome users can get an update from Google Chrome Releases.
The vulnerability was discovered by Tavis Ormandy and Fermin Serna of Google’s security team. Adobe classifies the vulnerability as a “priority 2” in Adobe’s just-introduced three-level advisory system — think of it as a terror alert level without pretty colors. Priority 2 means that the vulnerability could be used to take control of a user’s computer or device, but there are no known exploits in the wild and Adobe doesn’t expect any are imminent. Adobe does recommend site administrators apply the patch within 30 days.
The Flash update also closes a second loophole in integer handling that Adobe classifies as an “information disclosure” problem.
The security update is the second Adobe has released in the last 20 days; the most recent release, on February 15, would have been a “priority 1” update on Adobe’s new scale, since it involved a zero-day exploit already being used by attackers.
- Go ahead, have another! The best ridesharing apps help get you home safely
- Roku users get another great streaming option with the arrival of YouTube TV
- YouTube TV comes to yet another platform, arriving on the Apple TV
- ‘Mystery Science Theater 3000: The Return’ gets another season on Netflix
- Ridley Scott is ready for another ‘Blade Runner’ sequel