Login   |   Secure Purdue > News

Adobe Flash Player update fixes multiple vulnerabilities

Adobe Flash Player update fixes multiple vulnerabilities

Adobe Security Advisory APSB07-20

Several critical vulnerabilities in Adobe's Flash Player for all platforms
have been addressed in a recently released update. These vulnerabilities can
allow attackers to compromise a vulnerable system via several methods.
Versions prior to 9.0.48.0, 8.0.35.0, and 7.0.70.0 are vulnerable to these
flaws. Affected software includes Flash Player, Flash CS3 Professional, and
Flex 2.0.

It is highly recommended that system administrators ensure the latest Flash
Player version is installed. According to Adobe, this version is 9.0.115.0
for Linux, Mac, and Windows. A patch for Solaris is not yet out, but will be
released soon. Users of 7.x and 8.x versions are encouraged to upgrade to
the latest 9.x release, if possible.

This release patches vulnerabilities referenced in the following CVEs:

CVE-2007-4324
CVE-2007-4768
CVE-2007-5275
CVE-2007-5476
CVE-2007-6242
CVE-2007-6243
CVE-2007-6244
CVE-2007-6245
CVE-2007-6246

Full details of the vulnerabilities can be found at the Adobe Security
Advisory link contained at the bottom of this message.

Please also note that security updates for Flash Player 7 will no longer be
released after this update.

More information is available at the following sites:

Adobe Security Advisory APSB07-20
http://www.adobe.com/support/security/bulletins/apsb07-20.html

Player Download Center
http://www.adobe.com/shockwave/download/download.cgi?P1_Prod_Version=Shockwa
veFlash

Secunia Advisory SA28161
http://secunia.com/advisories/28161/

Posted by William Harshbarger on December 20, 2007, in Handlers Log.