Adobe Issues Critical Macromedia Flash Update
Adobe has released updated versions of its ubiquitous Macromedia Flash and Shockwave online media players, which the company said fix several critical security vulnerabilities in previous versions.
Adobe said that if a user loaded a specially crafted Shockwave file from a malicious Web site, that site could hijack that person's browser and potentially seize complete control over the visitor's computer.
Microsoft Windows users are more or less guaranteed to have Flash on their systems whether they recall installing it or not. The program was redistributed with Windows XP Service Packs 1 and 2, Windows 98, Windows 98 SE, and Windows Millennium Edition, according to a separate advisory Microsoft issued Tuesday. Adobe says updated versions of Flash Player 7 for Linux and Solaris, which contain fixes for these vulnerabilities, are also available from the Adobe Player Download Center (the link is a bit hard to find -- it's actually at the "alternates" download page.)
Shockwave versions 10.1.0.11 and earlier also have this problem. Updates for that player are here. In addition, you will need to update if you are using Adobe's Breeze Meeting Add-In version 5.1 and earlier, or the Flash Debug Player version 220.127.116.11 and earlier.
Alternatively, if you're completely spooked by this advisory or simply don't want Flash on your system anymore, Adobe has kindly posted a program to help you uninstall it. The company also has put up instructions on how to manually remove the ActiveX Flash player from Internet Explorer.
The comments to this entry are closed.