News

Adobe Flash Player security update fixes flaws, issues Firefox shield

Robert Westervelt, News Director

Adobe Systems Inc. rolled out a Flash Player security update, fixing seven serious vulnerabilities in the ubiquitous application, while adding support for a protection feature designed to safeguard users from malware infections.

    Requires Free Membership to View

Adobe said in its advisory that the latest version, Flash Player 11.3, fixes flaws that could cause a crash and potentially allow an attacker to take control of the affected system.The update is available for users of Windows, Mac, Linux and Google Android platforms. Adobe AIR patches are also available for Adobe Air running on Windows, Mac and Android.

Sandboxing protection for Mac, Firefox users
Adobe is adding Protected Mode support for users of its Flash Player component in Mozilla Firefox. Protected Mode adds a container to Firefox, isolating it from accessing sensitive resources. The protection makes it difficult for attackers to use Flash Player to gain access to a user’s system. Users have been testing the beta version of Flash Player sandboxing support for Firefox since February. The software maker also produces a sandbox version of Flash Player for the Chrome browser.

Security researchers have demonstrated that sandboxing isn’t a silver bullet. If an attacker attempts to exploit a vulnerability in Flash Player on Firefox, they would then have to design a second attack to attempt to break out of the sandbox and onto the victim’s machine.

“Flash Player Protected Mode for Firefox is another step in our efforts to raise the cost for attackers seeking to leverage a Flash Player bug in a working exploit that harms end users,” said Brad Arkin, senior director of product security and privacy in a blog post describing the new Flash Player protection.

Protected Mode for Adobe Reader was introduced in 2010.

Adobe also added support for a feature added to Mac OS X Mountain Lion called Gatekeeper, which can check for signs that an attacker is tampering with Flash Player. Arkin said the support for Gatekeeper ensures users aren’t downloading a phishing link containing a malicious version of Flash Player. The new auto update feature support for Mac users’ checks for updates hourly. The background updater can download and install the update without interrupting the end user’s session with a prompt,” Arkin wrote.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: