Google

Thursday, April 10, 2008

Adobe upgrades Flash Player

SAN FRANCISCO, Calif. -- Software maker Adobe announced on Tuesday that the company had released a widely anticipated update to harden the security of its ubiquitous Flash Player software and patch previously-disclosed software vulnerabilities.

The update fixed a flaw that security researcher Shane Macaulay used in the PWN2OWN contest at the CanSecWest conference to compromise a fully-patched Windows Vista laptop. The update also revamps the security of the Flash Player to solve several major issues that could serve as a vector of attack, including a DNS rebinding attack that has worried browser makers.

"This is the update we’ve referred to in a couple of earlier posts," the company stated on its blog. "These potential vulnerabilities could allow someone who successfully exploits them to take control of the affected system, so we recommend users update to the latest version of Flash Player."

The company and some security researchers have urged Web developers to rebuild their Flash application to make sure that they still work under the new player and benefit from security fixes in authoring tools.

The latest software can be downloaded from Adobe's Flash Player Download Center or through the programs automated update functionality. Flash developers should read the company's white paper on the changes that could affect current Flash applications.

No comments: