Adobe 帶來 Flash Player 的重要更新

標題:Adobe ships critical out-of-band Flash Player update
作者:Chester Wisniewski

Adobe has released a critical update for Flash Player versions and earlier for Windows, OS X, Linux and Solaris and versions and earlier for Android.
The patch addresses two CVEs in Flash Player, CVE-2012-0768 and CVE-2012-0769, both reported to Adobe by Google researchers.
Adobe 稍早釋出了 Flash Player 緊急更新,包含 Windows、 OS X、 Linux 和 Solaris平台。還有 的 Android 版本。本次更新對應到兩個 CVE ,CVE-2012-0768 和 CVE-2012-0769,都是 Google 的研究人員提供的。

Chrome users should restart their browser as soon as possible as Google has automatically provided the fix in the latest Chrome update.
Non-Chrome browser users can get the latest version ( by surfing to and running the installer for your platform.
Android users should visit the Android Marketplace and search for Adobe Flash Player. iOS users don't need to worry as Apple devices don't work with Flash :)Chrome 使用者應盡快更新,同時 Google Chrome 也提供了更新以修補這個問題。其他瀏覽器的使用者可以在 這個網址取得最新版本 。Android 使用者可以到 Android Marketplace 更新。 iOS 使用者則不用擔心這個問題。

CVE-2012-0768 is a memory corruption vulnerability that could lead to remote code execution by exploiting a flaw in Matrix3D.
CVE-2012-0768 屬於記憶體崩潰的弱點,可以透過 Matrix3D 一個漏洞從遠端執行程式碼。

CVE-2012-0769 is an information disclosure vulnerability as a result of integer errors in Flash Player.
CVE-2012-0769 屬於資訊洩漏的弱點,肇因於 Flash 中的整數錯誤。

As always we recommend deploying these updates as soon as possible. While we do not have any evidence of these flaws being exploited in the wild, past patterns indicate it won't be long.



資安JAVA(四):Session Cookie HTTPOnly Flag

資安JAVA(十二):Log Forging

Kali 工具介紹 Recon-ng