Adobe patches new Flash zero-day bug with emergency update

In-the-wild attacks target Windows' Internet Explorer, says company

By , Computerworld |  Security, Adobe, Adobe Flash

A Computerworld Windows 7 system, however, was not silently updated to 11.2.202.235, the patched version, within an hour of booting the PC, the interval the tool uses to check for new updates. Adobe was unable to explain the problem, other than to suggest an initial failure by those browsers to connect to its servers. In that case, the silent updater is designed to stop pinging Adobe for 24 hours before resuming.

The current stable version of Chrome -- Google's browser is the only one that includes the Adobe software in its updates -- reports running the patched 11.2.202.235 edition of Flash Player. Google shipped that version of Chrome, 18.0.1025.168, on Monday, April 30, giving it a four-day jump on Adobe's plug-in patching.

It was Chrome's largest-ever lead: previously, Google has beaten Adobe to Flash Player patching by hours, or at most a day.

Adobe today again explained Chrome's faster Flash patching by noting that it hands Flash updates to Google as "soon as we updated the code," but needs more time on its part to test fixes on scores of operating system and browser combinations before it's confident enough to ship the update to all users.

Microsoft's vulnerability research group reported the Flash vulnerability to Adobe.

The patched versions of Flash Player for Windows, Mac, Linux and Solaris can be downloaded from Adobe's website. Windows users can wait for the silent updater to kick in, run Flash's update tool or wait for the software to prompt them that a new version is available.

Android users will be able to download the new version from Google Play, formerly the Android Market, later today, said Adobe.

To determine which version of Flash Player is running in any particular browser, users can steer to this Adobe page.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed. His email address is gkeizer@computerworld.com.


Originally published on Computerworld |  Click here to read the original story.
Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question