Adobe quick-releases a critical Flash Player update on March 5, 2012
It was just 20 days ago, on Feb 14, 2012, that Adobe Systems released a critical update for their Flash Player, which I blogged about here. That version was 11.1.102.62, for Windows, Mac, Linux and Solaris operating systems. Today, March 5, 2012, they released another unexpected critical patch, version 11.1.102.63, for the same systems.
Android smartphone users who have Flash installed also have upgrades waiting, to version 11.1.111.7 (Android 2x, 3x) or 11.1.115.7 (Android 4x) respectively.
The previous patch fixed 7 security vulnerabilities, one of which was being exploited in the wild in February. This latest update patches 2 more newly discovered vulnerabilities (CVE-2012-0768 and CVE-2012-0769), which they claim are not yet being exploited by web browser attack kits. That is bound to change in a few days.
The first newly announced vulnerability allows an attacker to take over control of a user's computer or smartphone via a memory corruption attack against a component of Flash known as Matrix 3D. The second vulnerability in Flash Player allows a hacker to steal sensitive information from a victim's computer or smartphone.
While the Adobe Priority table says users should apply the new patches within 30 days, I recommend you do it as soon as you read this. Exploit kit writers are not going to wait 30 days to go after unpatched computers or smartphones. If you have Flash on a computer, visit the Adobe Flash Download page and download one version of Flash for Internet Explorer and another if you use Firefox or Safari browsers.
Mac users should visit the Adobe Flash download page for other systems and browsers. Apple itself does not support Adobe Flash.
Google Chrome has released a new version of the Chrome browser, which has an embedded version of Flash. To upgrade, open Chrome, then click on the Settings wrench icon on the upper right of the browser, then on "About Google Chrome." If the update has not already been installed it will begin downloading as you open the About Chrome box.
You will have to restart your browsers for the upgrades to take effect. This goes for most plug-ins like Flash. After restarting them, go to the About Flash page and verify that you have the most current version for your browser and operating system. Your installed version is displayed above a table on the page, which lists all current versions of Flash, by operating system.
Android smartphone users must use their Android phones to browse to the Android Marketplace where they can get the new version of Flash installed.
I cannot stress enough the importance of keeping your software which is used by your browsers updated. Criminals pay talented, but unscrupulous programmers to research published vulnerabilities and write codes to attack browsers that are lured to attack servers by spam links. Victims get drafted in criminal and spam botnets and very often have bank account stealing Trojans installed as well. Further, their infected devices are used in distributed denial of service (DDoS) attacks on targets who have incurred the wrath of the criminal elements renting those botnets.
With so many threats in the wild and new ones being discovered every month, or less, it is hard to keep up with all of the updates to the various software applications that connect to the Internet via a browser, email client, instant messenger, Facebook, whatever. You need to remain concerned and stay aware of threats that are either loose in the wwild, or are about to be exploited. When you learn that Adobe has released a new version of something, check your computers to see if you have a previous version installed. If so, update everything out-dated to the latest versions.
Maintain a good line of self defense for your computers and smart devices, by installing automatically updated security software. I use and recommend Trend Micro and Malwarebytes Anti-Malware. Whatever brand you choose, make sure that if it has an annual subscription, that you keep your subscription active. An expired security program is like a sleeping doorman. No protection to mention.
If you like this article please share it.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.