Zero-day Flash bugs squashed by Adobe

Adobe Flash patches against zero-day vulnerabilities

Adobe Flash patched
Adobe has issued a security update for its widely-used Flash software, protecting against a number of critical security vulnerabilities that could be exploited by malicious hackers.

In a security bulletin published on its website, Adobe recommends that users of Adobe Flash Player and earlier versions for Windows, Macintosh, Linux, and Solaris update to Adobe Flash Player

In addition, the firm says that they expect to make available an update for Flash Player 10.x for the Android mobile operating system by November 9, 2010.

One of the vulnerabilities fixed by the updated version of Flash is CVE-2010-3654. Last week the firm warned that that exploit was being used by malicious hackers to target users of Flash, Acrobat and Adobe Reader. A fix for Reader and Acrobat is scheduled for the week of November 15.

If you’re not sure which version of the Adobe Flash Player you have installed, visit the About Flash Player page. But remember that if you use more than one browser on your computer you should check the version number on each.

By the way, take a little care when installing a new version of Flash. You may want to think carefully about whether you also want to install McAfee Security Scan Plus.

Adobe rather cheekily (in my humble opinion) defaults to having that box selected by default even though it’s not necessary if all you want to do is update Flash.

It would obviously be a good idea for everyone to update vulnerable computers as soon as possible.