Last week, you endured a busy Patch Tuesday, which included a pile of security updates from Microsoft and Adobe. Adobe’s patch day included big updates for Reader, ShockWare, and Flash. Unfortunately, Adobe wasn’t quite finished fixing the Flash Player vulnerabilities.
Just a week after Patch Day, Adobe has released yet another Flash Player update to fix six more critical vulnerabilities in the popular web multimedia player. The six new flaws differ technically, but mostly share the same scope and impact. In fact, they’re generally the same type of memory corruption flaws as Adobe fixed last week — just more of them. In any case, if an attacker can lure you to a web site, or get you to open a document containing specially crafted Flash content, he could exploit these flaws to execute code on your computer, with your privileges. If you have administrative or root privileges, the attacker could gain full control of your computer.
These six new Flash Player flaws affect all platforms, including Windows, Macintosh, Linux, and Android. So if you are running Flash Player on any platform, make sure to install this week’s Flash update, even if you already applied the patch from last week. You can find the proper update in the “Solutions” section of Adobe’s Flash Bulletin.
As an aside, if you are waiting for today’s WatchGuard Security Week in Review Episode, it’s coming, but won’t show up until later this afternoon. I wasn’t able to shoot and produce the video when I normally do, due to work travel. So I will have to post it late in the day. If you’re gone before it goes up today, be sure to check it out Monday. — Corey Nachreiner, CISSP (@SecAdept)