News

Adobe Flash Player patch fixes critical holes, releases silent automatic updater

SearchSecurity.com Staff

Adobe released a bulletin addressing critical flaws in Adobe Flash Player for Windows, Mac, Linux and early editions of Android and incorporating a new silent update feature for Adobe Flash Player 11.2. The Adobe Flash Player patch addresses

Continue Reading This Article

Enjoy this article as well as all of our content, including E-Guides, news, tips and more.

security flaws that could cause a crash or allow an attacker to take control of an affected system.

The security update (APSB12-07) addresses two  memory corruption vulnerabilities, one related to URL security domain checking that could lead to code execution in ActiveX, Windows 7 or Vista (CVE-2012-0772) and one in the NetStream class that could lead to code execution (CVE-2012-0773).

The bulletin affects users running Adobe Flash Player 11.1.102.63 and earlier versions for Windows, Mac, Linux and Solaris operating systems, Adobe Flash Player 11.1.111.7 and earlier versions for Android 3.x and 2.x, Adobe AIR 3.1.0.4880 and earlier versions for Windows, Mac and Android.

Adobe cautioned that the vulnerabilities do not exist in Adobe Flash Player 11.1.115.7 and earlier versions for Android 4.x.

After updating Flash to version 11.2, users will be prompted to choose how they want to receive updates in the future, including a new feature which will automatically install them in the background, according to the Adobe Secure Software Engineering Team Blog.

According to the blog post, the Adobe silent automatic updater will check with Adobe every hour until it receives a response. If there is an update it will be completed automatically; if not it will check again after 24 hours. The blog also mentioned that update preferences can be changed at any time through the Settings Manager.

~ Stephanie Wright, Contributor