CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
October 15th, 2008

Adobe Fixes Clickjacking Vulnerability In Flash Player 10

Adobe has released Flash Player 10 with numerous major security improvements, including patches and mitigation for at least five serious security vulnerabilities. According to Adobe, the vulnerabilities covered with Flash Player 10 could allow an attacker to bypass the software’s security controls.

Potential vulnerabilities have been identified in Adobe Flash Player 9.0.124.0 and earlier that could allow an attacker who successfully exploits these potential vulnerabilities to bypass Flash Player security controls. Adobe recommends users update to the most current version of Flash Player available for their platform. Due to the possibility that these security enhancements and changes may impact existing content, customers are advised to review Adobe Developer Center article to determine if their content will be impacted, and to begin implementing necessary changes immediately to help ensure a seamless transition.

The fix also takes care of clickjacking threat and clipboard hijack attacks. A patch for Flash Player 9, which is vulnerable to these attack scenarios, is not yet available. That patch is currently scheduled for early November.

A second “critical” bulletin was also released for Flash CS3 Professional to cover a code execution vulnerability. An attacker would need to convince a user to open a malicious SWF file to successfully exploit the issues. Adobe recommends that developers exercise caution when receiving unsolicited or suspicious SWF files. These issues do not affect Flash CS4 Professional. These issues do not affect the Mac version of Flash CS3 Professional.

New version can be downloaded from Adobe Download Center.

Share this item with others:

More on CyberInsecure:
  • Critical Security Vulnerability Patched In Adobe AIR 1.5
  • Confirmed Zero-day Flash Vulnerability In Latest Adobe Reader And Acrobat 9.1.2, Adobe Flash Player 9 And 10
  • Potential Vulnerability In Adobe Flash
  • Critical Flash Player, Acrobat, Reader Vulnerability Exploited In The Wild
  • Critical Adobe Shockwave Player Vulnerability Affects Millions

    • Posted in Adobe, Software, Vulnerabilities | Print This Post Print This Post

    This entry was posted on Wednesday, October 15th, 2008 at 3:33 pm and is filed under Adobe, Software, Vulnerabilities. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

    If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Adobe Fixes Clickjacking Vulnerability In Flash Player 10

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    *
    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.

    « «
    » »