Latest exploits flaw marketed by Hacking Team to governments, others
Adobe has updated Flash to version 184.108.40.206 for Windows and Mac in an effort to close yet another batch of security flaws. While no active use of the exploits had been discovered, the company had been notified earlier this week that some of the exploits had been discovered to be known by Hacking Team, a group of commercial security attackers that has sold such secrets and flaws to government agencies around the world.
Exploit targets professional-industry users through phishing emails
Adobe on Wednesday has released an emergency patch for its Flash Player browser plug-in due to a critical flaw that is being actively exploited in the wild. Flash Player 220.127.116.11 and earlier for Windows and Macintosh systems are affected by the issue, as is version 18.104.22.1686 for Linux 11.x versions. The attack, called APT3 for the China-based organization from which it originates, uses spam "phishing" emails targeted at industry professionals to gain credentials used to steal intellectual property data.
New tactic addresses complaints of silent disabling of outdated versions
Apple is trying a different tack in the struggle to keep Macs secure by encouraging users to either disable the Flash browser plug-in outright, or to keep up-to-date with the latest version, which routinely fixes serious security issues found in the multi-platform media player. The latest maneuver by the iPhone maker, which debuted today, is a direct pop-up prompt to update to the latest version when users visit a page that requires Flash Player. The dialogue box takes users directly to Adobe's own page for updating Flash.
Occupy Flash movement calls for end to Flash
Occupy Flash, a group dedicated to seeing the end of the Flash platform, has called on all PC users to uninstall the Flash Player plugin from their desktop browsers. The group calls themselves “The movement to rid the world of the Flash Player plugin.” As far as the group is concerned, the death of mobile Flash is not enough, and it wants to see the end of all Flash development.
Adobe said to have axed mobile Flash development
Adobe may have dropped Flash for mobile browsers according to ZDNet. A leaked transcript from a company email to Adobe's partners says that it will no longer develop its mobile Flash Player, and that it will switch its emphasis from Flash on mobile devices to its AIR platform. One of the key marketing pitches adopted by Android device vendors is that Android offers an advantage of Apple’s iOS as its browser supports Adobe’s mobile version of its Flash Player plug-in.
Google engineer claims number of fixes understated
On Tuesday, Adobe released a security update for its Flash plugin. The company claimed the release addressed 13 critical problems. A Google security engineer, Tavis Ormandy, has tweeted that Adobe understated the scope of the patch and the number of security-related bugs was closer to 400.
Issue affects desktop platforms, Android
Adobe has again issued a security update for a critical issue affecting Adobe Flash Player 10.3 and earlier versions for Macintosh, Windows, Linux, Solaris and Android, just over a week since the previous update. A new memory corruption vulnerability (marked by the company as CVE-2011-2110) can cause a crash and potentially allow an attacker to take control of the affected system, with reports that the problem has been spotted in the wild.
Develops "hardware-optimized" Flash Player
Qualcomm announced that its newest processors will enable Flash playback in web-enabled mobile devices. The company claims its 800MHz MSM7x27 mobile processor will be the first to enable Flash Player for the mass market segment of smartphones and tablets. Mid-tier and high-end devices with Qualcomm's Snapdragon MSM8x55 mobile CPU, such as Windows Phone 7.1 (Mango), will be capable of what the company calls "HD-quality" video. Qualcomm worked closely with Adobe to customize Flash Player for its hardware.