Macromedia urges update to fix Flash flaw

By

Macromedia announced a vulnerability in its Flash Player 7 program earlier this month, warning users that they could leave PCs open to malicious code.

The company released the advisory on Nov. 2, months after the flaws were reported by eEye Digital Security and Sec Consult in June. In a bulletin on its website, Macromedia said the vulnerability on Flash Player versions 7.0.19.0 and earlier left PCs open to third-party hijackings.


"There was a problem with bounds validation for indexes of certain arrays in Flash Player 7 and earlier, thus leaving open the possibility that a third party could inject unauthorized code that would have been executed by Flash Player," the bulletin reads.

Macromedia recommended that users download Flash Player 8, which contains a fix for the vulnerability. Users of PCs that do not support Flash Player 8, such as Windows 95 or NT or classic Macintosh operating systems should refer to the Flash Player 7 update Technote, according to the advisory.

Steve Manzuik, product manager with eEye, said he believes many companies are not responding quickly enough to vulnerabilities.

"I think it was probably a matter of finding the right patch," he said. "In general, I think everyone is taking too long to respond," he said.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

CBA looks to GenAI to assist 1200 'security champions'

CBA looks to GenAI to assist 1200 'security champions'

NSW Police to embark on $126m IT overhaul

NSW Police to embark on $126m IT overhaul

Australia's super funds told to assess authentication controls

Australia's super funds told to assess authentication controls

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound

Log In

  |  Forgot your password?