mikiem2
Moderator
There's a new version of Flash out -- check your version here: http://www.adobe.com/software/flash/about/
I didn't see any info on what was changed, but updates are often security related. And for better/worse, it can be days after an update comes out before your installed version tells you an update's available.
Anonymous
Unregistered
Adobe adding security, privacy goodies to Flash Player 11
Summary: Adobe’s new Flash Player 11 will include support for 64-bit exploit mitigation and support for SSL socket connections.
Adobe said the new Flash Player 11, expected in early October,
Adobe to rush out Flash Player patch to thwart zero-day attacks
Flash Player 11 will also include a secure random number generator.
he company is also adding 64-bit support in Flash Player 11, a move that Uhley says will bring some security side-benefits.
If you are using a 64-bit browser that supports address space layout randomization (ASLR) in conjunction with the 64-bit version of Flash Player, you will be protected by 64-bit ASLR. Traditional 32-bit ASLR only has a small number of bits available in the memory address for randomizing locations. Memory addresses based on 64-bit registers have a wider range of free bits for randomization, increasing the effectiveness of ASLR.
On the privacy side, Adobe is adding a private browsing mode to allow users to stay incognito while viewing Flash files.
http://www.zdnet.com/blog/security/adobe-admits-to-80-code-changes-in-flash-player-patch/9268
Adobe admits to 80 'code changes' in Flash Player patch
Summary: Adobe explains why it decided not to publicly document about “80 code changes” that were made to fix security vulnerabilities found and reported by Google’s security team.
Adobe is fessing up to fixing much, much more than the 13 documented vulnerabilities in the latest critical Flash Player update.
Following an accusation from Google security researcher Tavis Ormandy that the company buried the fact that it patched a whopping 400 Flash Player vulnerabilities, Adobe security chief Brad Arkin (right) admitted the patch “contains about 80 code changes” for fix flaws identified by Ormandy’s team.
[ Did Adobe hide 400 vulnerability fixes in latest Flash Player patch? ]
Anonymous
Unregistered
Summary: Another in-the-wild zero-day attack prompts an urgent Flash Player patch from Adobe.
The company is expected to fix at least 16 documented vulnerabilities, some critical enough to expose Windows and Mac users to code execution attacks via Flash files hosted on Web pages.
The Adobe patch comes a day after Google shipped a Chrome update that “includes an update to Flash Player that addresses a zero-day vulnerability.”
In addition to Flash Player, Adobe’s PDF Reader and Acrobat software products are among the main targets for sophisticated attacks.
https://www.adobe.com/support/security/bulletins/apsb11-26.html
Anonymous
Unregistered
http://www.zdnet.com/blog/bott/how-many-flash-player-updates-is-too-many/4042?tag=nl.e539
How many Flash Player updates is too many?
By Ed Bott | October 10, 2011,
Summary: The single most common complaint I hear about Flash Player is that there are too many updates. But are there really? I couldn’t find a comprehensive list, so I made my own. Guess how many updates Adobe has delivered this year alone?
You want to set off a firestorm of comments from angry and frustrated PC users? Just write about Adobe’s Flash Player.
The pace has picked up this year, with 13 individual updates in the past eight months alone.
http://www.esecurityplanet.com/patches/adobe-updates-flash-for-zero-day-flaw.html
You must log in to post.