Wednesday, September 21, 2011

Adobe Announces Emergency Patch for Flash Player

Via -

Adobe has announced an emergency patch that is scheduled to be released some time later today (Wednesday 21 September). The update will address several previously unknown critical holes in Flash Player. The new version is also designed to close a universal cross-site scripting (XSS) hole that Adobe says is already being actively exploited. The company's security blog doesn't provide any further details.


Nation-State Attackers Are Adobe's Biggest Worry
It's no secret that attackers have made Adobe's products key targets for the last couple of years, routinely going after bugs in Reader, Flash and Acrobat in targeted attacks and widespread campaigns alike. But it's not just the rank-and-file bad guys who are making Adobe a priority; it's more often nation-states, the company's top security official said.


"In the last eighteen months, the only zero days found in our software have been found by what Dave Aitel would call carrier-class adversaries," Arkin said in his keynote speech at the United Security Summit here Tuesday. "These are the groups that have enough money to build an aircraft carrier. Those are our adversaries."


Perhaps the most famous example of this kind of targeted attack is the one that hit RSA Security earlier this year.


"We have lots of friends in the places where people get attacked a lot and I don't think that RSA was the only target in that campaign," he said.

No comments:

Post a Comment