New Flash Vulnerability Found

December 9, 2011

According to a diary entry at the SANS Internet Storm Center, a new security vulnerability has been discovered in Adobe’s Flash Player; the most recent version and all previous versions are affected, on all platforms. The vulnerability is serious, allowing remote code execution as the logged-in user via a malicious Flash (.SWF) file. Fortunately, no exploits have been observed “in the wild”, but this could change quickly.

At this point, Adobe has not issued a security advisory, and there is no patch or work-around available.  Not much has been published so far about the details of the vulnerability.  There is a brief bulletin at Security Tracker.  The vulnerability identifiers CVE-2011-4693 and CVE-2011-4694 have been assigned for tracking purposes.

This is a potentially nasty flaw that merits watching; I hope Adobe will get a patch or mitigation out quickly.  I’ll post a follow-up note here if I get any further information.
