Adobe Flash Player 10.3 Advisory

September 18, 2011

Flash Player by Adobe, consistently plagued with vulnerabilities, has undergone yet another minor version upgrade on the Release channel – to 10.3.183.7 10.3.183.10

Adobe recommends users of Adobe Flash Player 10.3.181.36 and earlier versions for Windows, Macintosh, Linux and Solaris update to Adobe Flash Player 10.3.183.5.
Users of Adobe Flash Player for Android 10.3.185.25 and earlier versions should update to Adobe Flash Player for Android 10.3.186.3.

http://www.adobe.com/support/security/bulletins/apsb11-21.html

Google Security

A Google Security researcher who found over 400 bugs in Flash Player through fuzzing was denied attribution by Adobe because of the way CVE numbers are allocated.
He blogged about it in this post, and Adobe responded with their own snark.

So, what’s the right number of CVEs to allocate? In this particular case, some of the code changes we made were closely related within a single component, which would argue for consolidating them with a single CVE, while others were clearly distinct. At this point, we’d rather invest our time in continuing the hardening work that will make Flash Player more robust against attack than reviewing change logs. We’ve updated the security bulletin to include CVE-2011-2424 to describe this batch of bugs.

http://blogs.adobe.com/asset/2011/08/how-did-you-get-to-that-number.html

And the updated text of the advisory now attributes the CVE to the Google team.

This update resolves multiple memory corruption vulnerabilities that could lead to code execution (CVE-2011-2424).

Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:
Tavis Ormandy of the Google Security Team (CVE-2011-2424)

http://www.adobe.com/support/security/bulletins/apsb11-21.html

Downloads

Android users can get the latest release version from the market here; Internet Explorer users can download it directly from FileHippo.com, and those running Firefox can grab it from FileHippo.com too.

Those looking for the official Adobe Flash Player download site can click here.