Tuesday, March 21, 2006

Adobe Warns Of Critical Flash Flaw, Drive-by Downloads

Adobe on Tuesday warned that multiple critical vulnerabilities in its Flash media player put users at risk, possibly from drive-by downloads, and urged all to update immediately to the patched 8.0.24.0 edition. Microsoft also issued a security advisory Tuesday to tell customers of its Windows XP, Windows 98, and Windows Millennium operating systems -- all of which are bundled with a flawed edition of Flash -- to also update their players.

Security vendors quickly chimed in Wednesday. Danish vulnerability tracker Secunia, for example, labeled the threat as "highly critical," its second-highest warning rating. Although Adobe didn't specify the bugs, nor give a total vulnerability count, its advisory indicated attackers would have to create a malformed .swf (Flash content file) and dupe a user into opening it.

No comments: