With hundreds of millions of Macromedia Flash installations, Flash player is
one of the most successful and ubiquitous plug-ins of all time. Many
millions of those users may be at risk today if they don’t upgrade to the
latest version.
An Adobe/Macromedia Flash vulnerability has been reported that could
potentially allow an attacker to execute remote code on a user’s system. All
a user needs to do to get infected is view a maliciously crafted Flash
file within a browser.
US-CERT has issued a Cyber Security Alert for multiple Adobe/Macromedia
Flash-based products, including Flash Player version 8.0.22.0 and earlier for
Windows, Mac OS X, Linux and Solaris.
Microsoft
issued its own advisory on the Flash flaw earlier this week, as well. Flash
player is usually included by default on a number of Microsoft Windows
platforms going all the way back to Windows 98.
Flash Professional 8,
Flash Basic, Flash MX 2004, Flex 1.5, Breeze Meeting Add-In 5.1 and earlier,
and Adobe Macromedia Shockwave Player 10.1.0.11 and earlier were also affected.
An upgraded version of Flash that fixes the vulnerability is now available on the Macromedia site.
A December survey by NPD Online reported that Flash Player is installed
on 97.7 percent of Internet-enabled PCs. Adobe Acrobat was the second-most
installed plug in at 89.4 percent, followed by Java at 86.2 percent.