Adobe Systems Inc. has issued a critical Adobe Flash Player update and also unveiled a new element of its advisories, adding priority ratings so patch administrators can gauge the seriousness of updates.
The software giant repaired two Flash Player vulnerabilities that could be used by attackers to execute malicious code or cause a denial-of-service condition. One of the errors could be used by attackers to obtain sensitive information via unspecified vectors, Adobe said. The update, issued Monday, affects users of Flash Player running on Windows, Macintosh, Linux and Solaris, in addition to Flash Player for Google Android devices.
Adobe said it is not aware of any exploits in the wild targeting either vulnerability. Danish vulnerability clearinghouse Secunia issued a Flash Player advisory, giving the update a “highly critical” rating. Secunia said the problems stem from Flash Player's Matrix3D engine, which is designed to position and orient a 3-dimensional (3D) display object.
The Flash Player update is the first one using the Adobe Priority Rating System. The critical update issued this week was given a “Priority 2” rating, meaning there are currently no known exploits in the wild and Adobe doesn't anticipate any imminent exploits targeting the issues.
In a blog post about the new rating system, David Lenoe, group manager of the Adobe Product Security Incident Response Team (PSIRT), said the priority ratings give patching admins a better way to prioritize patch testing and deployment processes.
“All critical security updates aren't created equal,” Lenoe wrote. “For example, if a Flash Player issue is being exploited within the wild, the update to solve the vulnerability deserves a much higher priority than, say, a patch for a critical vulnerability in Photoshop.”
Vulnerabilities being targeted in the wild can be given a “Priority 1” rating, meaning administrators should install the update within 72 hours or as soon as possible. A “Priority 3” rating is for updates which might be optional because historically the software has not been a target for attackers.
“We're going to base our priority ranking on historical attack patterns for the relevant product, the kind of vulnerability, the platform(s) affected, and any potential mitigations that can be in place,” Lenoe said. “This is a brand new system, so we may find that adjustments might want to be made.”
Adobe introduced Mozilla Firefox support for its Flash Player protected mode feature last month. The company was engineering a sandbox environment for the browser component. The protected mode, also available in Google Chrome, isolates Flash Player from critical processes, making it harder for attackers to break out of the Flash component into a victim's system.