Establishing Digital Trust: Don't Sacrifice Security for Convenience
If you're running Adobe's Flash Player (and if you're not on Apple iOS than you likely are), it's time to update Flash, again.
Adobe Flash Player 10.3 is now available, fixing at least 11 security flaws, one of which is already been exploited in the wild. The Flash 10.3 update also includes enhanced privacy protections, providing an additional layer of security for users.
According to Adobe, the 11 security flaws affect Flash Player 10.2 and earlier versions on Windows, Mac, Linux and Android platforms.
"These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system," Adobe warned in its advisory. "There are reports of malware attempting to exploit one of the vulnerabilities, CVE-2011-0627, in the wild via a Flash (.swf) file embedded in a Microsoft Word (.doc) or Microsoft Excel (.xls) file delivered as an email attachment targeting the Windows platform."https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
The 11 fixed flaws include five memory corruption vulnerabilities that could have potentially lead to arbitrary code execution. There are also four bounds checking vulnerabilities fixed in Flash 10.3. Rounding out the list of fixed flaws is an integer overflow vulnerability and a design flaw that could have potentially lead to unintended information disclosure.
Information disclosure issues can also sometimes be exploited by way of the local storage cache. With Flash Player 10.3, Adobe is now taking steps to help mitigate the risk by enabling users to empty their Flash cache from within their browser's privacy settings.
"Users now have a simpler way to clear local storage from the browser settings interface similar to how users clear their browser cookies today," Adobe's Flash Player 10.3 release notes state. "Flash Player 10.3 integrates control of local storage with the browser's privacy settings in Mozilla Firefox 4, Microsoft Internet Explorer 8 and higher, Google Chrome 11 (Available in Chrome Dev Channel), and a future release of Apple Safari."
Another common issue that can lead to Flash exploitation, is the fact that users don't always run the latest version of Flash. With Flash 10.3, Adobe is now aiming to make it easier for Apple's Mac OS users to get updated.
"Flash Player 10.3 supports automatic notification of software updates on Mac OS, making it easier for Mac users to stay current with new capabilities in the latest version of Flash Player," Adobe's release notes state.