A new version of Flash was announced by Adobe today. Version 11.8.800.168 fixes four critical vulnerabilities. The official release announcement from Adobe provides details on all of the changes in this new version.
Anyone who uses a Flash-enabled web browser should install the new version as soon as possible. That includes anyone who uses Youtube.
The changes in this version will be ported to the Chrome web browser as embedded Flash version 11.8.800.170. Flash updates for Chrome tend to happen silently in the background. You can see what version of Flash Chrome is currently running by browsing to the chrome://flash/ page. Recently, the version of Flash in Chrome mysteriously rolled back to 11.8.800.97, so it will be interesting to see what happens with 11.8.800.170 (Chrome finally updated itself with Flash 11.8.800.170 on 2013Sep18, a delay of one week, which is somewhat alarming. The version of Chrome itself also changed at the same time, to 29.0.1547.76.)
Internet Explorer 10 on Windows 8 also uses embedded Flash code. Microsoft Security Advisory 2755801, now available from Windows Update, patches IE10 on Windows 8 to use the new Flash version 11.8.800.168.
As if you needed more reasons to be cautious when using email or browsing the web, here are two new warnings, from CERT and Malwarebytes.
According to CERT and the FBI, a new, active spear-phishing campaign is sending email to targeted recipients. This particular email purports to be from “National Center for Missing and Exploited Children” and its subject line is “Search for Missing Children”. Do not open this email or any of its attachments, which contain malware.
Malwarebytes, a respected anti-malware software vendor, recently posted a warning about fake Flash player updates that appear on some (mostly pornographic) web sites. Users are tricked into clicking a link that supposedly updates the Flash player, but actually installs malware. Once the malware is installed, legitimate web-based advertisements will be replaced by ads served by the perpetrators. The new ads are often pornographic in nature, and can appear over ads on any web site.
Version 11.8.800.94 of Flash was announced today. As always, “[t]hese updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.” For a more complete change list for this version, see the Flash Player 11.8 Release Announcement on the Flash Runtime Announcements page.
A patch for Internet Explorer 10 that includes a new version of Flash (also 11.8.800.94) was released by Microsoft today as well.
An update for Flash in Chrome should also become available from Google in the near future. The new version of Flash in Chrome will be 11.8.800.97.
A Flash vulnerability supposedly already fixed by Adobe is still a problem in some browser/platform combinations. This clickjacking exploit works by hiding a Flash security dialog under other page content, enticing the user into unintentionally clicking the dialog and allowing remote access to the user’s camera and microphone. Be careful what you click!
Adobe has just announced another Flash update. The new version is 11.7.700.224. As always, this update addresses “vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.”
An equivalent patch for Internet Explorer 10 on Windows 8 will be available from Microsoft Update. The new version of Flash in IE10 will be 11.7.700.224.
Google Chrome has also been updated to include a new version of Flash: 11.7.700.225. Chrome normally updates its own version of Flash automatically.
The latest version of Google’s web browser includes several security and other bug fixes, better spell checking, improved search predictions, improved web page loading times and the latest Adobe Flash for Chrome (11.7.700.203).
Updates for Adobe’s PDF Reader product line were issued today. The updates fix vulnerabilities that could cause instability or allow unwanted remote access on affected computers. The updates bring Reader up to version 11.0.03.
Adobe just announced an update for Flash, version 11.7.700.202. As usual, the update fixes vulnerabilities in Flash that could cause instability or allow remote control of affected computers.
Microsoft, which maintains Flash separately for Internet Explorer 10, released an update for that browser with the latest fixes. The patch is available from Windows Update.
Likewise for Google, which released a corresponding patch for its Chrome browser. Chrome will update itself automatically.
Rants and musings on topics of interest. Sometimes about Windows, Linux, security and cool software.
boot13