Adobe Fixes Clickjacking Vulnerability In Flash Player 10
Adobe has released Flash Player 10 with numerous major security improvements, including patches and mitigation for at least five serious security vulnerabilities. According to Adobe, the vulnerabilities covered with Flash Player 10 could allow an attacker to bypass the software’s security controls.
Potential vulnerabilities have been identified in Adobe Flash Player 9.0.124.0 and earlier that could allow an attacker who successfully exploits these potential vulnerabilities to bypass Flash Player security controls. Adobe recommends users update to the most current version of Flash Player available for their platform. Due to the possibility that these security enhancements and changes may impact existing content, customers are advised to review Adobe Developer Center article to determine if their content will be impacted, and to begin implementing necessary changes immediately to help ensure a seamless transition.
The fix also takes care of clickjacking threat and clipboard hijack attacks. A patch for Flash Player 9, which is vulnerable to these attack scenarios, is not yet available. That patch is currently scheduled for early November.
A second “critical” bulletin was also released for Flash CS3 Professional to cover a code execution vulnerability. An attacker would need to convince a user to open a malicious SWF file to successfully exploit the issues. Adobe recommends that developers exercise caution when receiving unsolicited or suspicious SWF files. These issues do not affect Flash CS4 Professional. These issues do not affect the Mac version of Flash CS3 Professional.
New version can be downloaded from Adobe Download Center.
More on CyberInsecure:
Leave a Reply
Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.