Adobe fixes Flash and Photoshop flaws

Powered by SC Magazine
 

Publicly available exploit code leaves millions at risk.

Adobe has released updates that patch security holes in two of the company's most popular products. 

The patches fix three vulnerabilities in the free Flash player plug-in and two in Photoshop. Publicly available exploit code for the flaws has been found on the web.

The two Photoshop vulnerabilities were first disclosed in late April by a security researcher known as 'Marsu'.

The disclosures include code for exploits which could allow an attacker to successfully execute malicious code on a target system via a specially crafted 'bmp', 'dib' or 'rle' document file.

Secunia rated both vulnerabilities as 'highly critical', the firm's second highest threat classification. The flaws affect versions CS2 and CS3 of Photoshop, and one of the flaws also affects Photoshop Elements 5.0. 

The set of three patches for the Flash player browser plug-in were also rated by Secunia as 'highly critical'. The patch affects versions 7, 8 and 9 of the player.

The most severe of the vulnerabilities could allow an attacker to remotely execute code on a target system, while another flaw could allow an attacker to access sensitive user information.

If left unpatched, the Flash player vulnerabilities could put millions of users worldwide at risk.

Adobe estimated earlier this year that 98.7 percent of internet users worldwide had some version of the plug-in.

Both patches are available from Adobe's Security Bulletins and Advisories website.

Copyright ©v3.co.uk


Adobe fixes Flash and Photoshop flaws
 
 
 
Top Stories
Coalition's NBN cost-benefit study finds in favour of MTM
FTTP costs too much, would take too long.
 
Telcos finally briefed on data retention details
Update: AGD offers list of data to be stored.
 
Qld Health hires short-term CIO, CTO
Ray Brown leaves after five years at IT helm.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Which is the most prevalent cyber attack method your organisation faces?




   |   View results
Phishing and social engineering
  67%
 
Advanced persistent threats
  3%
 
Unpatched or unsupported software vulnerabilities
  12%
 
Denial of service attacks
  7%
 
Insider threats
  12%
TOTAL VOTES: 565

Vote