Adobe warns of critical Flash Media Server vulnerability

Adobe issues update correcting two critical flaws in Flash Media Server 3.5.2 and earlier versions.


Adobe Systems Inc. issued an advisory Friday warning of two critical Flash Media Server (FMS) vulnerabilities that could be used by attackers to alter streaming videos or set up attacks within Flash-based content.

FMS is used by enterprises to stream Flash videos and other content. Adobe said FMS versions 3.5.2 and earlier contain a denial-of-service flaw, which could enable attackers to crash the server and possibly execute malicious code. A directory traversal vulnerability could allow an attacker to upload malicious code to the server and set up attacks within Flash video code.

FMS version 3.5.3 is available as a free maintenance update and corrects the vulnerabilities.

Adobe Systems updates:
Active PDF attacks target Reader, Acrobat zero-day vulnerability: Malicious PDF files discovered in the wild spread via an email attachment and target a yet-to-be-patched hole in Adobe Reader and Acrobat.

Adobe updates Flash Player, fixes seven serious vulnerabilities: Adobe Flash Player 10.0.42.34 repairs memory corruption errors and a data injection vulnerability that could enable an attacker to crash the player and take control of a machine.

Attackers continue to target Adobe products because the software is widely used and not always upgraded with the latest Adobe updates. Security researchers have also been devoting a lot of time to finding vulnerabilities in the company's software. While antivirus vendors push out signatures that can detect malware attempting to exploit vulnerabilities, experts warn that new malicious code is developed daily and not all attacks can be detected.

Adobe issued another advisory last Tuesday warning of ongoing PDF attacks targeting a zero-day vulnerability in Adobe Reader and Acrobat. Some security firms have detected limited email attacks containing malicious PDF files attempting to exploit a remote code execution vulnerability in Reader and Acrobat 9.2 and earlier versions.

Adobe has reportedly said it did not plan an emergency patch to repair the hole because it did not want to disrupt its quarterly update process.
