Adobe Delivers a Critical Flash Player Update

Source: nakedsecurity
Title: Adobe ships critical out-of-band Flash Player update
Author: Chester Wisniewski
Body:


Adobe has released a critical update for Flash Player versions 11.1.102.62 and earlier for Windows, OS X, Linux and Solaris and versions 11.1.115.6/11.1.111.6 and earlier for Android.
The patch addresses two CVEs in Flash Player, CVE-2012-0768 and CVE-2012-0769, both reported to Adobe by Google researchers.

Chrome users should restart their browser as soon as possible as Google has automatically provided the fix in the latest Chrome update.
Non-Chrome browser users can get the latest version (11.1.102.63) by surfing to http://get.adobe.com/flash and running the installer for your platform.
Android users should visit the Android Marketplace and search for Adobe Flash Player. iOS users don't need to worry as Apple devices don't work with Flash :)

CVE-2012-0768 is a memory corruption vulnerability that could lead to remote code execution by exploiting a flaw in Matrix3D.

CVE-2012-0769 is an information disclosure vulnerability as a result of integer errors in Flash Player.

As always we recommend deploying these updates as soon as possible. While we do not have any evidence of these flaws being exploited in the wild, past patterns indicate it won't be long.


