Flash Player 10.3.183.10

Een tussentijdse beveiligingsupdate van Adobes Flash Player lost zes lekken op. Een daarvan werd al actief door internet criminelen misbruikt (een zogeheten zero day lek). Via een link in mailberichten werden slachtoffers naar kwaadaardige websites gelokt die de kwetsbaarheid uitbuitten. Flash 10.3.183.10 verhelpt de lekken.

Op deze pagina kunt u controleren voor elke browser welke versie van de plugin u heeft. Flash Player 10.3.183.10 kunt u los downloaden of updaten via de automatische updater in de systeembalk in Windows. Voor Android is ook een nieuwe versie uitgebracht.

Release notes:

This update resolves a universal cross-site scripting issue that could be used to take actions on a user's behalf on any website or webmail provider if the user visits a malicious website (CVE-2011-2444).

Note: There are reports that this issue is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message.

This update resolves an AVM stack overflow issue that may allow for remote code execution. (CVE-2011-2426).

This update resolves an AVM stack overflow issue that may lead to denial of service and code execution.  (CVE-2011-2427).

This update resolves a logic error issue which causes a browser crash and may lead to code execution.  (CVE-2011- 2428).

This update resolves a Flash Player security  control bypass which could allow information disclosure.  (CVE-2011-2429).

This update resolves a streaming media logic error vulnerability which could lead to code execution. (CVE-2011-2430).