Adobe Updates Flash for Zero Day Flaw
Adobe issues an emergency patch for Flash 10 as new Flash 11 debuts
Last week, Adobe issued its regular patch Tuesday update as part of the a regular release cycle. As it turns out, they may have missed at least one flaw.
Adobe is set to release an emergency out-of-cycle patch today, fixing zero day vulnerabilities that affects Flash Player. The new zero day update comes on the same day that Adobe is updating Flash to version 11 providing new 3D graphics capabilities.
"There are reports that one of these vulnerabilities (CVE-2011-2444) is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message," Adobe warned. "This universal cross-site scripting issue could be used to take actions on a user's behalf on any website or webmail provider if the user visits a malicious website."
Google Chrome users are the first to get the new Adobe Flash player. Google released a new Chrome update late Tuesday fixing the zero day Flash Flaw. The Chrome 14.0.835.186 update comes less than a week after the first Chrome 14 stable release.
Chrome is the only web browser that directly integrates Flash Player and they're also the first to get new Adobe Flash updates for zero day flaws. Earlier this year, Brad Arkin, senior director of Product Security and Privacy at Adobe explained to InternetNews.com that Adobe wants to get out emergency updates as soon as they can. As part of the release process, Adobe tests Flash updates for approximately 60 different browser and operating system combinations.
"As we go through that testing, it might take many hours before we can test and verify on every single platform," Arkin said. "But as soon as we finish the Chrome testing, we can push the binary to the Chrome guys, even though we have testing left to do for other browsers."
In addition to the Flash 10 update, Adobe today released Flash 11. A key new feature in Flash 11 is support for hardware accelerated 2D and 3D graphics.
"With this milestone release Adobe pushes the envelope of what is possible on the Web with a typical PC and opens up a new world of immersive, high-performance gaming experiences,” said Danny Winokur, VP and general manager of Platform, Adobe in a statement.