More flaws from Adobe, Microsoft
Adobe on Tuesday warned that multiple critical vulnerabilities in its Flash media player put users at risk, possibly from drive-by downloads, and urged all to update immediately to the patched 8.0.24.0 edition.
Microsoft also issued a security advisory Tuesday to tell customers of its Windows XP, Windows 98, and Windows Millennium operating systems — all of which are bundled with a flawed edition of Flash — to also update their players.
Security vendors quickly chimed in Wednesday. Danish vulnerability tracker Secunia, for example, labeled the threat as “highly critical,” its second-highest warning rating.
Although Adobe didn’t specify the bugs, nor give a total vulnerability count, its advisory indicated attackers would have to create a malformed .swf (Flash content file) and dupe a user into opening it.
“These vulnerabilities could be accessed through content delivered from a remote location via the user’s web browser, email client, or other applications that include or reference the Flash Player,” Adobe’s advisory read.