Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
The so-called zero day vulnerabilities discovered in Adobe’s Flash Player last week were actually known about for seven months, according to new reports. Paul Royal, a principal researcher at web security service provider Purewire, is credited with first noticing that the flaw in Flash was actually logged into Adobe's bug and issue management system on December 31 last year.Adobe will be embarrassed about the revelations its security response team knew about the vulnerability for months, especially as it was originally misdiagnosed as a “data loss corruption” issue, according to a ZDnet report. The firm has now moved swiftly to address the issue, however, announcing that patches will be available by July 31 for Windows, Mac and Linux users.“A critical vulnerability exists in the current versions of Flash Player (v9.0.159.0 and v10.0.22.87) for Windows, Macintosh and Linux operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat v9.x for Windows, Macintosh and UNIX operating systems,” acknowledged Adobe in a security advisory."This vulnerability (CVE-2009-1862) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild via limited, targeted attacks against Adobe Reader v9 on Windows.”In the meantime, Adobe is recommending that users delete, rename, or remove access to the authplay.dll file that ships with Adobe Reader and Acrobat v9.x, in order to mitigate the threat for those products.
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.