Adobe Patches Second Flash Zero-Day In 9 Days 178
CWmike writes "For the second time in nine days, Adobe has patched a critical vulnerability in Flash Player that hackers were already exploiting, Computerworld's Gregg Keizer reports. Adobe also updated Reader to quash 13 new bugs and several older ones the company had not gotten around to fixing. The memory corruption vulnerability in Flash Player could 'potentially allow an attacker to take control of the affected system,' Adobe said in an accompanying advisory. 'There are reports that this vulnerability is being exploited in the wild in targeted attacks via malicious Web pages.' Adobe last issued an 'out-of-band' emergency update on June 5, when it fixed a critical flaw that attackers were exploiting to steal Gmail login credentials. Those attacks were different from the ones Google disclosed the week before, when it accused Chinese hackers of targeting specific individuals, including senior U.S. and South Korean government officials, anti-Chinese government activists and journalists. Google, which bundles Flash Player with Chrome, also updated its browser Tuesday to include the just-patched version of Flash."
Re:WTF adobe (Score:5, Informative)
Affected software versions (Score:5, Informative)
Affected software versions
Re:Out of band? (Score:5, Informative)
Before the patch is made, many of these exploits are not widely known. Sometimes they are, but normally they aren't.
As I understand it, the risk is that once the patch is published, the bad guys reverse engineer the patch and publish exploits for those patches (usually within 6 hours). So if you delay patching after a patch is made, you put your machines at increased risk. So scheduling an update so that IT folks have time to react is a good thing.
The one exception is when the exploit is published *before* the patch is published. In that case, it makes sense to push an out-of-band patch and to hell with the sysadmins schedule.
Re:And 64-bit Will Be Updated When? (Score:5, Informative)
Honest question: Why use an x64 browser?
Speed, for one thing. For Windows, here [favbrowser.com] is one benchmark that shows the rather significant difference. When on javascript heavy sites, having a 64-bit browser sure helps.
For Linux, there are other considerations, like not having to install the whole 32-bit compatibility layer and libraries at all. Fedora, for example, won't install 32-bit support unless you explicitly tell it to. Being 64-bit only saves a lot of memory compared to being dual-stack.
For example, we still put 32-bit Office on our x64 desktops for plug-in and other compatibility.
The speed difference for large spreadsheets can be stupendous, in favour of 64-bit. Or running a text analysis on a book-sized document. I've ran 64-bit Office 2010 for quite a while, and haven't run into a single problem yet (well, 64-bit problem that is -- Office itself is another issue).