This new update mechanism silently updates Windows computers with the latest Flash Player patches and updates – eliminating the need for users to perform these updates themselves. That fix is for a publicly disclosed attack called the Rosetta Flash for which proof-of-concept exploits exist.Adobe released Flash Player 11.2 today with a key new security feature – automatic installation of updates.įlash Player 11.2 adds optional automatic background updates for Windows to make updating to new versions of Flash Player hassle free. On Tuesday, Adobe again tried to patch a flaw it partially fixed twice before. Without it, a rogue website could, for example, harvest the emails of users who have Gmail opened in another tab. The new Flash updates also fix four vulnerabilities that can be exploited to bypass the same-origin policy, a critical security mechanism in browsers that prevents code running on a website from accessing the content of other websites opened in the same browser. Earlier this year, attackers started exploiting a Flash Player vulnerability just one week after Adobe released a patch for it. However, history has shown that attackers are quick to target new Flash flaws after a fix becomes available for them. These are the kind of vulnerabilities used in drive-by download attacks launched through compromised websites or malicious ads to install malware on users’ computers.Īdobe is not aware that any of the newly-patched vulnerabilities are being actively exploited by attackers. Six of the new vulnerabilities patched in Flash Player could be exploited to achieve remote code execution.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |