Skip navigation

Tag Archives: adobe

Un nuova vulnerabilità di Adobe Flash “Zero-day”, peraltro risultante già sfruttata in alcuni attacchi mirati, ha costretto Adobe a rilasciare una patch urgentissima raccomandando a chiunque di aggiornare l’applicazione il prima possibile.
In un nuovo bollettino di sicurezza Adobe raccomanda di aggiornare flash alle rispettive versioni:

“- Users of the Adobe Flash Player Desktop Runtime for Windows and Macintosh should update to Adobe Flash Player 18.0.0.194.
– Users of the Adobe Flash Player Extended Support Release should update to Adobe Flash Player 13.0.0.296.
– Users of Adobe Flash Player for Linux should update to Adobe Flash Player 11.2.202.468.
– Adobe Flash Player installed with Google Chrome and Adobe Flash Player installed with Internet Explorer on Windows 8.x will automatically update to version 18.0.0.194.”

I pc che utilizzano Explorer 7 o quelli Windows XP powered con Firefox, sembrano essere quelli più esposti.
Con tutte le patch rilasciate da Adobe in questi anni, Flash dovrebbe essere un “lucchetto digitale” ed invece siamo di nuovo di fronte all’ennesima grave vulnerabilità.
Credo proprio che dovremmo pensare seriamente alla vita senza Flash.
Controllate qui la vostra versione di Flash e, se avete comunque deciso di continuare ad usarlo, installate la versione aggiornata e attendete fino alla prossima vulnerabilità.
Have fun. ..always!

Ma chi ha scritto questo codice? E, soprattutto, viste le sue innumerevoli vulnerabilità (saremo a 800-900 patch rilasciate) non sarebbe meglio riscriverlo daccapo se non abbandonarlo proprio?

Da “Krebs on security”:

Microsoft today issued 13 patch bundles to fix roughly four dozen security vulnerabilities in Windows and associated software. Separately, Adobe pushed updates to fix a slew of critical flaws in its Flash Player and Adobe Air software, as well as patches to fix holes in Adobe Reader and Acrobat.

Three of the Microsoft patches earned the company’s most dire “critical” rating, meaning they fix flaws that can be exploited to break into vulnerable systems with little or no interaction on the part of the user. The critical patches plug at least 30 separate flaws. The majority of those are included in a cumulative update for Internet Explorer. Other critical fixes address problems with the Windows OS, .NETMicrosoft Office, and Silverlight, among other components.

According to security vendor Shavlik, the issues address in MS15-044 deserve special priority in patching, in part because it impacts so many different Microsoft programs but also because the vulnerabilities fixed in the patch can be exploited merely by viewing specially crafted content in a Web page or a document. More information on and links to today’s individual updates can be found here.

Adobe’s fix for Flash Player and AIR fix at least 18 security holes in the programs. Updates are available for Windows, OS X and Linux versions of the software. Mac and Windows users, the latest, patched version is v. 17.0.0.188. 

If you’re unsure whether your browser has Flash installed or what version it may be running, browse to this link. Adobe Flash Player installed with Google Chrome, as well as Internet Explorer on Windows 8.x, should automatically update to the latest version. To force the installation of an available update, click the triple bar icon to the right of the address bar, select “About Google” Chrome, click the apply update button and restart the browser.

The most recent versions of Flash should be available from the Flash home page, but beware potentially unwanted add-ons, like McAfee Security Scan. To avoid this, uncheck the pre-checked box before downloading, or grab your OS-specific Flash download from here. Windows users who browse the Web with anything other than Internet Explorer may need to apply this patch twice, once with IE and again using the alternative browser (FirefoxOpera, e.g.).

If you run Adobe ReaderAcrobat or AIR, you’ll need to update those programs as well. Adobe said it is not aware of any active exploits or attacks against any of the vulnerabilities it patched with today’s releases.

Ma si può mai passare un quarto della propria vita digitale ad applicare patch e aggiornamenti?
Rivoglio il pallottoliere!

Have fun. …always!

News fresca fresca comparsa su The Verge e GigaOM, che fa capire quanto é tenuta in cosiderazione la potenzialità di queste periferiche ancora poco diffuse..http://tpt.to/a4ccZ72