[º¸¾È´º½º ¹Î¼¼¾Æ] ¾îµµºñ(Adobe)»ç´Â Ç÷¡½Ã Ç÷¹À̾î(Flash Player)¿¡¼ ¹ß»ýÇÏ´Â Ãë¾àÁ¡À» ÇØ°áÇÑ º¸¾È ¾÷µ¥ÀÌÆ®¸¦ ¹ßÇ¥Çß´Ù. ³·Àº ¹öÀü »ç¿ëÀÚ´Â ¾Ç¼ºÄÚµå °¨¿°¿¡ Ãë¾àÇÒ ¼ö ÀÖÀ¸¹Ç·Î ÇØ°á¹æ¾È¿¡ µû¶ó ÃֽŹöÀüÀ¸·Î ¾÷µ¥ÀÌÆ®ÇØ¾ß ÇÑ´Ù.
ÇØ´ç Ãë¾àÁ¡Àº ´ÙÀ½°ú °°´Ù. ¡âÀÓÀÇÄÚµå ½ÇÇàÀ¸·Î À̾îÁú ¼ö Àִ ŸÀÔ È¥¶õ Ãë¾àÁ¡(CVE-2015-8644) ¡âÀÓÀÇÄÚµå ½ÇÇàÀ¸·Î À̾îÁú ¼ö ÀÖ´Â Á¤¼ö ¹öÆÛ ¿À¹öÇ÷οì Ãë¾àÁ¡(CVE-2015-8651) ¡âÀÓÀÇÄÚµå ½ÇÇàÀ¸·Î À̾îÁú ¼ö ÀÖ´Â use-after-free Ãë¾àÁ¡(CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, CVE-2015-8650) ¡âÀÓÀÇÄÚµå ½ÇÇàÀ¸·Î À̾îÁú ¼ö ÀÖ´Â ¸Þ¸ð¸® ¼Õ»ó Ãë¾àÁ¡ (CVE-2015-8459, CVE-2015-8460, CVE-2015-8636, CVE-2015-8645)
¡ã¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
À©µµ¿ìÁî, ¸Æ ȯ°æÀÇ ¾îµµºñ Ç÷¡½Ã Ç÷¹À̾î desktop runtime »ç¿ëÀÚ´Â Adobe Flash Player Download Center(http://www.adobe.com/go/getflash)¿¡ ¹æ¹®ÇÏ¿© ÃֽŠ¹öÀüÀ» ¼³Ä¡Çϰųª, ÀÚµ¿ ¾÷µ¥ÀÌÆ®¸¦ ÀÌ¿ëÇÏ¿© 20.0.0.267 ¹öÀüÀ¸·Î ¾÷µ¥ÀÌÆ® Àû¿ëÇÏ¸é µÈ´Ù.
¾îµµºñ Ç÷¡½Ã Ç÷¹À̾î Extended Support Release »ç¿ëÀÚ´Â 18.0.0.324 ¹öÀüÀ¸·Î, ¸®´ª½º ȯ°æÀÇ ¾îµµºñ Ç÷¡½Ã Ç÷¹ÀÌ¾î »ç¿ëÀÚ´Â 11.2.202.559 ¹öÀüÀ¸·Î, AIR desktop runtime, AIR SDK °ú Compiler, AIR for Android»ç¿ëÀÚ´Â 20.0.0.233 ¹öÀüÀ¸·Î ¾÷µ¥ÀÌÆ®¸¦ Àû¿ëÇÏ¸é µÈ´Ù.
¾îµµºñ Ç÷¡½Ã Ç÷¹À̾ ¼³Ä¡µÈ ±¸±Û Å©·Ò(Google Chrome)Àº ÀÚµ¿À¸·Î ÃֽŠ¾÷µ¥ÀÌÆ® ¹öÀüÀÌ Àû¿ëµÇ°í, ±¸±Û Å©·Ò ¹× À©µµ¿ì 8.x, 10 ¹öÀüÀÇ ÀÎÅÍ³Ý ÀͽºÇ÷η¯ 10, 11, EDGE¿¡ ¾îµµºñ Ç÷¡½Ã Ç÷¹À̾ ¼³Ä¡ÇÑ »ç¿ëÀÚµµ ÀÚµ¿À¸·Î ÃֽŠ¾÷µ¥ÀÌÆ®°¡ Àû¿ëµÈ´Ù.
ÀÌ¿Í °ü·ÃÇÑ ÀÚ¼¼ÇÑ »çÇ×Àº Çѱ¹ÀÎÅͳÝÁøÈï¿ø ÀÎÅͳÝħÇØ´ëÀÀ¼¾ÅÍ(±¹¹ø¾øÀÌ 118)·Î ¹®ÀÇÇϰųª ¾Æ·¡ÀÇ Âü°í»çÀÌÆ®¸¦ È®ÀÎÇÏ¸é µÈ´Ù.
[Âü°í»çÀÌÆ®]
https://helpx.adobe.com/security/products/flash-player/apsb16-01.html
[¿ë¾î Á¤¸®]
Type Confusion Ãë¾àÁ¡ : °´Ã¼ÀÇ Å¸ÀÔ(type)À» È¥µ¿ÇÏ¿© ¹ß»ýÇÏ´Â ¿À·ù ¹× Ãë¾àÁ¡
Use-After-Free Ãë¾àÁ¡ : ¼ÒÇÁÆ®¿þ¾î ±¸Çö ½Ã µ¿Àû ȤÀº Á¤ÀûÀ¸·Î ÇÒ´çµÈ ¸Þ¸ð¸®¸¦ ÇØÁ¦ÇßÀ½¿¡µµ ºÒ±¸ÇÏ°í À̸¦ °è¼Ó ÂüÁ¶(»ç¿ë)ÇÏ¿© ¹ß»ýÇÏ´Â Ãë¾àÁ¡
Adobe AIR(Adobe Integrated Runtime) : HTML, JavaScript, Adobe Flash ¹× ActionScript¸¦ »ç¿ëÇÏ¿© ºê¶ó¿ìÀúÀÇ Á¦¾à ¾øÀÌ µ¶¸³ ½ÇÇàÇü ¸ð¹ÙÀÏ ¹× µ¥½ºÅ©Å¾ À¥ ¾ÖÇø®ÄÉÀ̼ÇÀ» ±¸ÃàÇϰųª »ç¿ëÇÒ ¼ö Àִ ȯ°æÀ» Á¦°øÇÏ´Â µµ±¸
[¹Î¼¼¾Æ ±âÀÚ(boan5@boannews.com)]
<ÀúÀÛ±ÇÀÚ: º¸¾È´º½º(www.boannews.com) ¹«´ÜÀüÀç-Àç¹èÆ÷±ÝÁö>