Adobe patches Flash again, but not the flaws exploited at Pwn2Own
Posted on 13 March 2013.
As promised last year, Adobe has been issuing its scheduled Flash updates on the second Tuesday of each month - the same day that Microsoft chose for its monthly Patch Tuesday.

Yesterday's cumulative Flash update addressed vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system: an integer overflow vulnerability (CVE-2013-0646), a use-after-free and a heap buffer overflow vulnerability (CVE-2013-0650 and CVE-2013-1375, respectively) and a use-after-free vulnerability that could be exploited to execute arbitrary code (CVE-2013-0650).

What is missing from the update is a patch for the three zero-days (an overflow, an ASLR bypass technique and an IE9 sandbox memory corruption) that the team from Vupen Security chained together to exploit Adobe Flash on IE 9 on Windows 7 at the Pwn2Own competition held last week at the CanSecWest conference in Vancouver.

While a patch for them would have been welcome, its absence is not that surprising. The time frame between the two events is rather short, and even a well-oiled machine such as Microsoft hasn't managed to patch the two zero-days that the Vupen team exploited to achieve a full IE 10 on Windows 8 compromise with sandbox bypass in time for its regular Patch Tuesday.

Users who update their Flash manually can pick up the patched versions for Windows, Mac and Linux at Adobe's official Flash Player download page.








