Adobe issues second emergency patch for Flash Player this month

By on February 20, 2014, 5:30 PM
adobe, patch, flash player, hacking, vulnerability, security update

Adobe has released a critical security update for its Flash Player plug-in for Windows, Mac and Linux – the second in less than three weeks. The update addresses a zero-day exploit first uncovered by security firm FireEye a week ago that targeted visitors of at least three nonprofit websites.

The security firm said Peterson Institute for International Economics (PIIE.com), the American Research Center in Egypt (ARCE.org) and the Smith Richardson Foundation (SFR.org) were all compromised using remote code injection. Traffic to these sites was redirected to a server that contained a hidden iframe running the exploit.

Given the nature of the nonprofits, FireEye said they believe those responsible for the attacks have sufficient resources and are committed to infecting those visiting a particular type of website. Two of the sites in question focus on national security and public policy which led the firm to speculate that the attackers infected visitors for follow-on data theft.

In a security bulletin on the matter, Adobe said Flash Player 12.0.0.44 and earlier versions for Windows and Macintosh, version 11.2.202.336 and earlier versions for Linux, AIR 4.0.0.1390 and earlier versions for Android, AIR 3.9.0.1390 SDK and earlier versions and AIR 3.9.0.1390 SDK & Compiler and earlier versions are all affected.

The new version of Flash Player for Windows and Mac is 12.0.0.70 while the newest for Linux is 11.2.202.341. Naturally, you’ll want to download and apply the patch ASAP.




User Comments: 10

Got something to say? Post a comment
Guest said:

What an antiquated format. when will it finally rollover,die and let html5 take its rightful crown?

H3llion H3llion, TechSpot Paladin, said:

Heck with flash, bloody resource hog :3

Darth Shiv Darth Shiv said:

Unfortunately html5 is not ready to replace it.

SNGX1275 SNGX1275, TS Forces Special, said:

Unfortunately html5 is not ready to replace it.

eh. Perhaps that is the wrong way to look at it, I'm sure there are some games and such that flash can do better than html5. Flash certainly does ads well.

I think a lot of the support for Flash to stick around is from people who make money off of writing things in Flash, so there is a lot of resistance from them because, well that is where they make money, and its easier to keep doing that than learn something else. Flash is such a POS from a security, stability and optimization standpoint.

You are right that html5 isn't ready to replace it (I guess), but that isn't because flash can't be replaced, its because there is no real motivation for people that make money off of their Flash products to change. The consumers are the only ones that can speed up this change, and that isn't happening.

The real problem is: Consumers aren't demanding Flash cease being used. We see how html5 is now offered on almost every video site either completely or as an alternative to flash (esp for mobile devices), so the industry can change (video sites are the main example) if there is demand. That demand occurred by Apple not allowing Flash on iOS, there just is no backing from the general user base on non mobile devices (computers).

Darth Shiv Darth Shiv said:

The video formats issue is still around. Browsers don't all run a known set of video formats specified in the HTML5 standard. It's dragging on way too long...

Kibaruk Kibaruk, TechSpot Paladin, said:

Tell it's not ready to IPV4 :P

That's also becoming a joke.

havok585 havok585 said:

Html5 still is an infant compared to flash, why do u guys even bother to mention html5 at this stage ... just boggles the mind.

Guest said:

@Darth Shiv: AFAIK the problem is that there is no specified format in the first place: they had Theora+Ogg at the beginning, later decided not to specify the codecs in the standard, but to leave it to the web pages.

Guest said:

Flash sucks ass.

Darth Shiv Darth Shiv said:

@Darth Shiv: AFAIK the problem is that there is no specified format in the first place: they had Theora+Ogg at the beginning, later decided not to specify the codecs in the standard, but to leave it to the web pages.

Yes they have been "negotiating" on a "required" codec for HTML5 compliance. There has been no concensus so there is no required codec which makes it impossible to have a website that outputs a single video format and for all HTML5 browsers to support it.

I.e. the HTML5 standard is rubbish for video support and flash has far greater support so it won't die just yet...

Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.