Adobe has just released an update (APSB11-26) to its ubiquitous Flash software, revving it to version 10.3.183.10 for Windows, Mac, Solaris and Linux, and to version 10.3.186.7 for Android.
Today’s release fixes six vulnerabilities in Flash Player, one of which was being used in targeted attacks (CVE-2011-2444). This bug is a cross-site scripting flaw which could allow malicious web pages to take actions on behalf of the logged-in user.
Adobe has rated this update as Critical. SophosLabs has assigned it a High rating.
SophosLabs has yet to see any samples in the wild, and notes that CVE-2011-2444 is not straightforward to exploit. Nevertheless, as Adobe reports, this vulnerability has been exploited, albeit only in targeted attacks so far.
Windows, Mac, Solaris and Linux users can download the latest Flash Player from http://get.adobe.com/flashplayer.
Do watch out though. If adding the bloat of Flash to your browsing experience isn’t enough for you, Adobe has decided to default to bundling it with the Google Toolbar or McAfee trialware for Windows users.
You can untick the box before downloading if you don’t want these options.
Maybe that’s why Apple won’t support Flash on iDevices. No portable versions of Google Toolbar or McAfee?
Android users can download the latest Flash Player from the Android Marketplace, and Google Chrome users were automatically updated on September 20, 2011 with protection against these flaws.
…thx, once again for your tidy info, mate!…as always, you guys are FABULOUS — and I don’t use the F word lightly!…lol…:-)…
I would love to be able to get a Flash update or even clear my Flash Cache, but every time I go to do it I don’t get a web page for Adobe; I just get a white screen with a ‘list’ down the left side of the screen of what I should be able to do, but if you click on something it gives you another list! Has anyone got any ideas why this is happening?
When I go to the Adobe web site and run the download (install_flashplayer10ax_gtbp_chrd_aih.exe) it pops up a box asking for authenticating proxy credentials – this isn't referenced in the guidance notes. I've never had this before with an update and it doesn't seem to be appropriate behaviour as I'm already authenticated and able to browse. I don't want to give these details as they are my domain credentials. Any idea why this is happening?
They've been bundling bloat-ware with Flash for years. Every time I've gone to download an update, I've had to un-tick the option to add McAfee/Chrome/Google Toolbar/whatever.
Thankfully, they seem to have stopped pushing the Adobe Download Manager, which was a worthless piece of junk.
On some PCs, the latest installers don't work. They copy themselves to the temp directory, delete the original file, and launch the copy from the temp directory, which then hangs. (Very suspicious behaviour, which Sophos doesn't flag for some reason!)
On those PCs, I've had to resort to the MSI installers, which aren't available from the main download page. It took quite a bit of searching to find them: http://www.adobe.com/products/flashplayer/fp_dist…