Software firm Adobe released a critical update for its Flash Player this week, fixing ten flaws that variously affected the Windows, Mac and Linux versions of its software.
Labeling the vulnerabilities as "critical," the company warned that the most serious flaws fixed by the patch could be exploited by a specially-crafted Flash (SWF) file to compromise vulnerable systems and urge users to apply the software fix. Adobe Flash has become a popular way to add interactivity to Internet sites and is installed on 98 percent of Internet-enabled PCs, according to the company.
The ubiquity of the Flash Player software has caught the attention of security researchers and online fraudsters. Earlier this year, Stanford University researchers used a Flash advertisement to show that an attacker could have infected 100,000 users in three days for less than $100. Apple patched a flaw in the handling of Flash content by its QuickTime player last week, after two researchers had used to flaw to demonstrate a proof-of-concept attack on players in the virtual world of Second Life.
Last month, Adobe patched flaws in its other popular desktop program, Acrobat.
The patches can be downloaded from Adobe's Download Center.
If you have tips or insights on this topic, please contact SecurityFocus.
Posted by: Robert Lemos