Flash Player v220.127.116.11 released - 0-day Fix
May 4, 2012
CVE number: http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0779
Platform: All Platforms
Summary: ... an object confusion vulnerability (CVE-2012-0779) that could cause the application to crash and potentially allow an attacker to take control of the affected system. There are reports that the vulnerability is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious file delivered in an email message. The exploit targets Flash Player on Internet Explorer for Windows* only. Adobe recommends users of Adobe Flash Player 18.104.22.168 and earlier versions for Windows, Macintosh and Linux update to Adobe Flash Player 22.214.171.124... Users of Adobe Flash Player 126.96.36.199 and earlier versions on Android 4.x devices should update to Adobe Flash Player 188.8.131.52. Users of Adobe Flash Player 184.108.40.206 and earlier versions for Android 3.x and earlier versions should update to Flash Player 220.127.116.11...
* Priority 1: This update resolves vulnerabilities being targeted, or which have a higher risk of being targeted, by exploit(s) in the wild for a given product version and platform. Adobe recommends administrators install the update as soon as possible...
Flash test site: http://www.adobe.com/software/flash/about/
Flash Player update closes critical object confusion hole
Severity: High Severity
Published: Monday, May 07, 2012
Adobe Flash update addresses critical security hole.
Analysis: This vulnerability has been used in active attacks although they are apparently not widespread attacks. Attackers will often use newer vulnerabilities and 0days on special targets of high value first. At some point, the exploit code will leak or a post-compromise analysis will reveal the vulnerability and/or the exploit involved and then the gates open for more compromise activity by others with a variety of motives.
May 4, 2012
May 4 2012 - "... vulnerability is being actively exploited against Flash Player on Internet Explorer in targeted cases. Microsoft Vulnerability Research (MSVR) reported this vulnerability..."