
Adobe warns of critical Flash Media Server vulnerability

SearchSecurity.com Staff


Adobe Systems Inc. issued an advisory Friday warning of two critical Flash Media Server (FMS) vulnerabilities that could be used by attackers to alter streaming videos or set up attacks within Flash-based content.

FMS is used by enterprises to stream Flash videos and other content. Adobe said FMS versions 3.5.2 and earlier contain a denial-of-service flaw, which could enable attackers to crash the server and possibly execute malicious code. A directory traversal vulnerability could allow an attacker to upload malicious code to the server and set up attacks within Flash video code.

FMS version 3.5.3 is available as a free maintenance update and corrects the vulnerabilities.

Adobe Systems updates:
Active PDF attacks target Reader, Acrobat zero-day vulnerability: Malicious PDF files discovered in the wild spread via an email attachment and target a yet-to-be-patched hole in Adobe Reader and Acrobat.

Adobe updates Flash Player, fixes seven serious vulnerabilities: Adobe Flash Player 10.0.42.34 repairs memory corruption errors and a data injection vulnerability that could enable an attacker to crash the player and take control of a machine.

Attackers continue to target Adobe products because the software is widely used and not always upgraded with the latest Adobe updates. Security researchers have also been devoting a lot of time to finding vulnerabilities in the company's software. While antivirus vendors push out signatures that can detect malware attempting to exploit vulnerabilities, experts warn that new malicious code is developed daily and not all attacks can be detected.

Adobe issued another advisory last Tuesday warning of ongoing PDF attacks targeting a zero-day vulnerability in Adobe Reader and Acrobat. Some security firms have detected limited email attacks containing malicious PDF files attempting to exploit a remote code execution vulnerability in Reader and Acrobat 9.2 and earlier versions.

Adobe has reportedly said it did not plan an emergency patch to repair the hole because it did not want to disrupt its quarterly update process.

