Adobe Issues Second Flash Player Security Update In A Week

Adobe goes on another patching bender

Adobe has rushed out more fixes for its Flash Player, just a week after releasing a slew of updates for the software.

Six flaws have been fixed in Flash Player for Windows, Mac OS X and Linux, five of which have been rated critical. Those vulnerabilities could lead to remote code execution on the attacked machine, so IT teams have been urged to update as soon as possible. See the full advisory here.

“We recommend installing the update as quickly as possible, at least on the Windows platform where it carries the highest priority rating of ‘1’ with an associated recommended patch turnaround time of 72 hours,” said CTO of security firm Qualys, Wolfgang Kandek.

“Overall the release will be a bit of a surprise for IT administrators, as we had a Flash player release last week during the normal Patch Tuesday, together with the new versions of Acrobat/Reader and Shockwave player.

“We believe that last week’s release was an out-of-band emergency fix to address a specific vulnerability under abuse in the wild and that could not be integrated with this bigger release.”

Security headache

Adobe released an updated version of Flash last Tuesday, which fixed one flaw – CVE-2012-1535. The software maker said reports had indicated the vulnerability was being exploited in the wild in limited targeted attacks, distributed through a malicious Word document.

Symantec said yesterday it had seen threats attempting to exploit the flaw since 10 August, claiming to have blocked 1300 of those attempts.

Last week, after Adobe issued a security update for various pieces of its software portfolio, Google security researchers claimed a number of flaws had been left open in Adobe Reader. Whilst the Linux version of the software was left completely unpatched, there were 16 vulnerabilities in Reader for Windows and Mac OS X still unfixed.

Are you a security expert? Try our quiz!