Explore the latest news and trends  

Keep yourself up to date with one of the following options:

  • Explore more news around Spam/Phishing, Malware/Cyber-attacks and Antivirus
  • Receive news and special offers from SPAMfighter directly in you inbox.
  • Get free tips and tricks from our blog and improve your security when surfing the net.
  • Go

Adobe Upgraded Flash Player to Close Critical Flaw

In the fourth week of December 2007, Adobe Systems Inc. plugged nine critical flaws in its Flash Player that hackers can use to hack Linux machines, Mac and Windows. Secunia ASP, the Danish vulnerability tracker, has called the nine flaws 'highly critical' and it is estimated to be the second from the top threat ranking.

As per Adobe and Secunia advisories, one of the bugs is an input validation error that can be used to operate code if a user clicks an illegitimate or unknown link or access a harmful site. Google Inc.'s security team was appreciated by Adobe with the reporting of just two flaws out of the nine, on the other hand, Standford University's team agreed to notify Adobe of another pair of bugs.

Further, the firm is also recommending that users should upgrade to the Adobe Flash Player 9.0.115.0 (Mac, Win, Linux) through the auto update process of software. Later, a security patch for Solaris will also be released.

Also, the update introduces functionality to check a hole which allows the operation of DNS rebinding attacks and new, rigid methods for Flash Player to perceive cross-domain policy files, and also prohibits the unsupported "asfunction" protocol to attend potential cross-site scripting issues with SWF files. Apart from this, it also takes care of a problem that can permit distant attackers to change client requests' HTTP headers and carry out HTTP Request Splitting attacks.

Although the immense fame of Flash Player application puts the exposure to attacks on a scale which can be compared with the ubiquitous phishing attacks that spread through mail, Jonathan Bitle, Technical Accounts Manager, Qualys, said that it is different from phishing attacks which automatically relay attacks; here users have to install SWF files to be attacked by hackers appearing as Flash Player presentations, as reported by SC Magazine on December 19, 2007.

Jonathan added that the presence of flaws in a famous application years after it is being introduced should be taken as alarming calls for developers and they should start working on potential security issues.

He also said that everybody should work towards in taking their security and potential vulnerabilities to another level.

Related article: Adobe Rates Acrobat Vulnerabilities “Critical”

» SPAMfighter News - 02-01-2008

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Exchange Anti Spam Filter
Go back to previous page
Next