Adobe patches flash bugs, releases sandboxed Firefox plugin

By Gregg Keizer, Computerworld (US) | Jun 13, 2012

Adobe today patched seven critical vulnerabilities in Flash Player -- the fifth security update so far in 2012 -- and released a sandboxed plug-in for Mozilla's Firefox.

The company also released the "silent update" background updater for OS X, and said it had prepped Flash for the upcoming OS X 10.8, aka Mountain Lion, by signing its code, which Mountain Lion's default Gatekeeper setting requires before it will run software downloaded from anywhere other than Apple's own Mac App Store.

"These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system," said Adobe in an advisory published Friday.

The flaws were all over the map, and included memory corruption, integer and stack overflow, and security bypass bugs. One of the seven was tagged as a "binary planting" vulnerability in the Flash installer.

"Binary planting" is a synonym for what others call "DLL load hijacking" or "DLL search-order hijacking," a bug class brought to wide attention nearly two years ago by HD Moore, chief security officer at Rapid7 and creator of the open-source Metasploit penetration-testing toolkit.

Because many Windows applications load DLLs by bare file name rather than by full path, Windows resolves the name by walking a fixed list of directories, starting with the directory the application itself was launched from. An attacker who can place a malicious file with the same name as a required DLL in a directory that is searched before the real one gets that file loaded instead. For an installer, the application directory is usually the user's Downloads folder, so a DLL dropped there (for example by an earlier drive-by download) is picked up the moment the installer runs.
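The following is an added example, not Adobe's code and not from the original article: a small Python model of the Windows default DLL search order for a bare file name, run over a constructed directory tree in a temporary directory. It shows why an installer launched from Downloads resolves a DLL planted beside it before the legitimate copy in System32, and what the hardened load (full path, or a search restricted to the system directory) does instead. The name `example.dll` and all directory names are hypothetical, and the script runs on any OS because it models the search, not Windows itself.

```python
import tempfile
from pathlib import Path

# Constructed scenario: a fake "System32" holding the real DLL and a fake
# Downloads folder holding both the installer and an attacker-planted copy.
# "example.dll" is a hypothetical name, not a DLL the Flash installer loads.
DLL_NAME = "example.dll"


def build_scenario():
    """Create the directory layout in a temp dir; return (system32, downloads)."""
    root = Path(tempfile.mkdtemp(prefix="binplant_"))
    system32 = root / "Windows" / "System32"
    downloads = root / "Users" / "victim" / "Downloads"
    system32.mkdir(parents=True)
    downloads.mkdir(parents=True)
    (system32 / DLL_NAME).write_bytes(b"legitimate dll")
    (downloads / "installer.exe").write_bytes(b"installer")
    (downloads / DLL_NAME).write_bytes(b"planted dll")  # the attacker's file
    return system32, downloads


def default_search_order(app_dir, system_dir, cwd, path_dirs=()):
    """Directories Windows searches for a bare DLL name (SafeDllSearchMode on):
    the application's own directory comes first, before any system directory."""
    return [Path(app_dir), Path(system_dir), Path(cwd), *map(Path, path_dirs)]


def resolve_dll(name, search_dirs):
    """Return the first existing file named `name` along search_dirs, or None."""
    for directory in search_dirs:
        candidate = directory / name
        if candidate.is_file():
            return candidate
    return None


def load_library_bare(name, app_dir, system_dir, cwd):
    """Models LoadLibrary("example.dll"): bare name, default search order.
    For an installer launched from Downloads, app_dir *is* Downloads."""
    return resolve_dll(name, default_search_order(app_dir, system_dir, cwd))


def load_library_hardened(name, system_dir):
    """Models the fix: load by full path, or LoadLibraryEx(...,
    LOAD_LIBRARY_SEARCH_SYSTEM32) / SetDefaultDllDirectories(), so only the
    system directory is consulted and the application directory is skipped."""
    candidate = Path(system_dir) / name
    return candidate if candidate.is_file() else None


def audit_bare_loads(names, app_dir, system_dir, cwd, trusted_dirs):
    """For each DLL an application loads by bare name, report where the default
    search order resolves it: 'ok' (a trusted directory), 'hijackable' (a
    writable directory shadows the real DLL) or 'missing' (no copy anywhere, so
    any writable directory on the search path can supply one)."""
    trusted = {Path(d) for d in trusted_dirs}
    report = {}
    for name in names:
        hit = load_library_bare(name, app_dir, system_dir, cwd)
        if hit is None:
            report[name] = "missing"
        elif hit.parent in trusted:
            report[name] = "ok"
        else:
            report[name] = "hijackable"
    return report


if __name__ == "__main__":
    system32, downloads = build_scenario()
    bare = load_library_bare(DLL_NAME, downloads, system32, downloads)
    hardened = load_library_hardened(DLL_NAME, system32)
    print("bare name ->", bare, bare.read_bytes())
    print("hardened  ->", hardened, hardened.read_bytes())
    print(audit_bare_loads([DLL_NAME, "missing.dll"],
                           downloads, system32, downloads, [system32]))
```

On a real Windows machine the equivalent check is done with Process Monitor: filter for CreateFile operations on `.dll` paths under the installer's directory with a NAME NOT FOUND result, since each such miss is a name the attacker can satisfy by dropping a file there.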

Unlike the last Flash security update, which Adobe issued May 4, today's bug patches are for vulnerabilities that the company has not seen exploited in the wild.
