Adobe unveils Flash Player security update

Software vendor to plug security holes in media player with latest product update.

Software update

Software vendor Adobe has announced an update for its popular Flash Player.

The new version fixes a number of security holes, including critical vulnerabilities that could result in memory corruption, stack overflows, security bypasses, null dereferencing and DLL hijacking.

Most of the addressed flaws deal with problems that could help hackers execute code on a user's machine.

Advertisement - Article continues below

These updates address vulnerabilities that could cause a crash or allow an attacker to take control of an affected system.

It also includes enhancements to the security of the code on a variety of platforms.

For instance, the Windows version of Flash Player now sports a production version of Flash Player Protected Mode for Firefox. This sandboxes the code in the browser, making it more difficult for hackers to access other processes on a user's machine.

"These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system," said Adobe in an advisory.

Mac users get silent updating in the background. This runs a daemon on the machine every hour to check for updates on Adobe's servers. When updates are available, it downloads them once a response has been obtained.

This feature can be disabled in the Flash Player preferences menu.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Adobe has also signed the code on the Mac version in readiness for the Mac OS X release of Mountain Lion.

The next version of Apple's operating system will feature "GateKeeper". This is designed to protect users from malware while downloading applications on to their computers.

"Starting with Flash Player 11.3, Adobe has started signing releases for Mac OS X using an Apple Developer ID certificate," said Brad Arkin, Adobe's senior director of security, products and services, on a company blog.

When the Gatekeeper function is set to 'Mac App Store and identified developers,' end-users would "be able to install Flash Player without being blocked," added Arkin.

Flash Player on Windows and Macintosh will get updated to version 11.3.300.257, while Linux gets updated to 11.2.202.236. All previous versions should be treated as vulnerable to attack from criminals.

Featured Resources

Top 5 challenges of migrating applications to the cloud

Explore how VMware Cloud on AWS helps to address common cloud migration challenges

Download now

3 reasons why now is the time to rethink your network

Changing requirements call for new solutions

Download now

All-flash buyer’s guide

Tips for evaluating Solid-State Arrays

Download now

Enabling enterprise machine and deep learning with intelligent storage

The power of AI can only be realised through efficient and performant delivery of data

Download now
Advertisement

Recommended

Visit/security/vulnerability/355236/hp-support-assistant-flaws-leave-windows-devices-open-to-attack
vulnerability

HP Support Assistant flaws leave Windows devices open to attack

6 Apr 2020
Visit/security/cyber-security/355234/safari-bug-let-hackers-access-cameras-on-iphones-and-macs
cyber security

Safari bug let hackers access cameras on iPhones and Macs

6 Apr 2020
Visit/security/privacy/355231/facebook-tried-to-buy-spyware-firm-its-now-suing-to-monitor-ios-users
privacy

Facebook tried to buy NSO Group's Pegasus spyware to monitor iOS users

6 Apr 2020
Visit/software/video-conferencing/355229/zoom-we-moved-too-fast
video conferencing

Zoom CEO admits company "moved too fast" as privacy issues mount

6 Apr 2020

Most Popular

Visit/development/application-programming-interface-api/355192/apple-buys-dark-sky-weather-app-and-leaves
application programming interface (API)

Apple buys Dark Sky weather app and leaves Android users in the cold

1 Apr 2020
Visit/mobile/mobile-phones/355239/microsofts-patent-design-reveals-a-mobile-device-with-a-third-screen
Mobile Phones

Microsoft’s patent design reveals a mobile device with a third screen

6 Apr 2020
Visit/data-insights/data-management/355170/oracle-cloud-courses-are-free-during-coronavirus-lockdown
data management

Oracle cloud courses are free during coronavirus lockdown

31 Mar 2020