Adobe Flash Player update closes critical object confusion hole

1 minute read

Flash_Logo_b_80The H-Online: Adobe has released a security advisory relating to an object confusion vulnerability which allows an attacker to crash the player or take control of an affected system. Adobe says that there are reports of this vulnerability being exploited in the wild as part of targeted email-based attacks which trick the user into clicking on a malicious file; this exploit only targets Flash Player on Internet Explorer on Windows, though the vulnerability exists on Windows, Mac OS X, Linux and Android versions of the player.

An update to Adobe Flash Player 11.2.202.235 on Windows, Mac OS X and Linux should be applied by anyone running version 11.2.202.233 or earlier. The version of Flash player being run can be verified by visiting the Flash Player About page and can be obtained from Adobe’s Flash Player Download page. Windows users should be able to also activate the silent update recently introduced to Flash Player.

Google Chrome’s Flash Player has already been updated automatically. Android users should, depending on their version of Android, update their players; Android 4.0 users running 11.1.115.7 and earlier should update to 11.1.115.8 and Android 3.0 users running 11.1.111.8 and earlier should update to 11.1.111.9. In either case, users should browse to Google Play and its Flash Player page for the update.

Leave a comment