Jul 13th, 2007, 11:43 am
No fewer than three critical vulnerabilities have been identified by Adobe affecting users of Flash Player 9.0.45.0 and earlier, 8.0.34.0 and earlier, and 7.0.69.0 and earlier.
The cross-platform problem is an input validation error that could, potentially, lead to arbitrary code execution via content delivered from a remote location through a web browser, email client, or pretty much any application that embeds or references the Flash Player. Separately, insufficient validation of the HTTP Referer header has been identified in Flash Player 8.0.34.0 and earlier, which could be used to mount a cross-site request forgery attack. In practice this means a site cannot rely on the Referer header alone to decide that a state-changing request came from its own pages, since a Flash-initiated request may not carry the Referer a server expects.
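To make the Referer point concrete, here is an added example (not code from the original post and not Adobe's) contrasting the Referer-only CSRF check many 2007-era sites used with a per-session anti-CSRF token. The site origin, the request headers and forms, and the session identifier are all constructed for the demonstration; the assumed mechanism, that a plugin-initiated request can arrive with a missing or attacker-chosen Referer, is what the post's description of the Flash Player 8 issue implies.

```python
"""Referer-only CSRF checking versus a synchronizer token.

Added example, not code from the original post or from Adobe.  It models a
server-side state-changing endpoint and two ways of deciding whether a
request came from the site's own pages.  Headers, forms and the session id
below are constructed inline for the demonstration.
"""
import hmac
import secrets
from urllib.parse import urlsplit

SITE_ORIGIN = "https://bank.example"   # hypothetical target site


def referer_only_check(headers: dict) -> bool:
    """Accept if the Referer header is absent or names our own origin.

    Sites accepted a missing Referer because privacy proxies and some
    browsers strip it.  A client that can suppress or forge the header (the
    behaviour the Flash Player 8 issue is assumed to expose) passes this check
    at will: the server only ever sees what the client chose to send.
    """
    referer = headers.get("Referer")
    if referer is None:
        return True
    parts = urlsplit(referer)
    return f"{parts.scheme}://{parts.netloc}" == SITE_ORIGIN


class SessionStore:
    """Per-session anti-CSRF tokens (synchronizer token pattern)."""

    def __init__(self) -> None:
        self._tokens: dict[str, str] = {}

    def issue(self, session_id: str) -> str:
        """Mint a fresh unguessable token bound to this session."""
        token = secrets.token_urlsafe(32)
        self._tokens[session_id] = token
        return token

    def token_check(self, session_id: str, form: dict) -> bool:
        """Accept only if the form carries the token bound to this session.

        A cross-site page or SWF cannot read the token, so it cannot forge a
        valid request no matter what Referer it sends.  compare_digest avoids
        leaking the token through timing differences.
        """
        expected = self._tokens.get(session_id)
        supplied = form.get("csrf_token")
        if expected is None or supplied is None:
            return False
        return hmac.compare_digest(expected, supplied)


def demo() -> dict:
    """Run four constructed requests through both checks.

    Returns {name: (referer_check_passed, token_check_passed)}.
    """
    store = SessionStore()
    sid = "sess-42"                       # constructed session id
    token = store.issue(sid)

    requests = {
        # Legitimate request from our own transfer page.
        "own": ({"Referer": f"{SITE_ORIGIN}/transfer"},
                {"amount": "10", "csrf_token": token}),
        # Forged request, Referer suppressed by the attacker-controlled client.
        "forged_no_ref": ({}, {"amount": "10000"}),
        # Forged request with a spoofed Referer naming our origin.
        "forged_spoof": ({"Referer": f"{SITE_ORIGIN}/transfer"},
                         {"amount": "10000"}),
        # Forged request from a browser that sends an honest Referer.
        "forged_honest_ref": ({"Referer": "https://evil.example/page"},
                              {"amount": "10000"}),
    }
    return {
        name: (referer_only_check(headers), store.token_check(sid, form))
        for name, (headers, form) in requests.items()
    }


if __name__ == "__main__":
    for name, (ref_ok, tok_ok) in demo().items():
        print(f"{name:18} referer-check={ref_ok!s:5} token-check={tok_ok}")
```

The Referer check only stops the one forged request whose client told the truth; both the suppressed and the spoofed Referer sail through, while the token check rejects all three forgeries and admits the genuine one. That asymmetry is why a Referer check is at best a secondary signal.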
Although the newly released update covers all platforms, the third issue is specific to Linux and Solaris and, unsurprisingly, affects only Flash Player 7 there (fixed in 7.0.70.0), with no impact at all on the version 9 software. The Linux and Solaris updates for Flash Player 7 address an issue that arises only when the Opera and Konqueror browsers are used.
Although a malicious SWF does need to be loaded in Flash Player by the user for an attacker to exploit the vulnerabilities, that takes no more than visiting a page that embeds it, and there are plenty of click-happy targets to aim at, especially when it comes to multimedia content such as this. Adobe therefore recommends that all users update to the most current version of Flash Player available for their platform, namely 9.0.47.0 (Windows, Mac, Solaris) or 9.0.48.0 (Linux), using the auto-update mechanism within the product when prompted.
If for whatever reason you cannot upgrade to Player 9, Adobe has a patched version of Player 7 available as well.
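For anyone checking an estate of machines against the fixed versions named above, here is an added example (not Adobe's tooling and not from the original post) that parses four-part Flash Player version strings and decides per platform whether an install is at or beyond the fixed release. The fixed-version table comes from the post: 9.0.47.0 for Windows, Mac and Solaris, 9.0.48.0 for Linux, and 7.0.70.0 for the patched Player 7 line. It is an assumption of this example that 7.0.70.0 is the patched Player 7 on every platform, that no patched 8.x exists (the post names none, so an 8.x install is treated as needing the move to 9), and the host names in the sample inventory are constructed.

```python
"""Patch-level check for the Flash Player versions named in the post.

Added example, not Adobe's tooling.  Fixed versions are those the post gives;
the assumptions (7.0.70.0 patched on all platforms, no patched 8.x) and the
sample inventory are constructed for the demonstration.
"""
from typing import Tuple

Version = Tuple[int, int, int, int]

# (major branch, platform) -> first fixed version, per the post.
FIXED_9: dict = {
    "windows": (9, 0, 47, 0),
    "mac":     (9, 0, 47, 0),
    "solaris": (9, 0, 47, 0),
    "linux":   (9, 0, 48, 0),
}
FIXED_7: Version = (7, 0, 70, 0)   # assumed patched Player 7 on all platforms


def parse_version(s: str) -> Version:
    """Turn '9.0.47.0' (or a shorter '9.0.47') into a 4-tuple of ints.

    Missing trailing components are treated as zero so that '7.0.70' compares
    equal to '7.0.70.0'.  Anything non-numeric is rejected rather than guessed.
    """
    parts = s.strip().split(".")
    if not 1 <= len(parts) <= 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"bad Flash Player version string: {s!r}")
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (4 - len(nums))  # type: ignore[return-value]


def is_patched(version: str, platform: str) -> bool:
    """True if this install is at or above the fixed release for its branch."""
    v = parse_version(version)
    plat = platform.lower()
    if plat not in FIXED_9:
        raise ValueError(f"unknown platform: {platform!r}")
    major = v[0]
    if major > 9:
        return True              # newer branch than the advisory covers
    if major == 9:
        return v >= FIXED_9[plat]
    if major == 8:
        return False             # no patched 8.x named: must move to 9
    if major == 7:
        return v >= FIXED_7      # patched Player 7 line (assumption: all platforms)
    return False                 # older than 7: unsupported, treat as vulnerable


def audit(inventory: list) -> list:
    """Annotate (host, platform, version) rows with a patched flag."""
    report = []
    for host, platform, version in inventory:
        report.append({
            "host": host,
            "platform": platform,
            "version": version,
            "patched": is_patched(version, platform),
        })
    return report


# Constructed sample inventory, not real hosts.
SAMPLE_INVENTORY = [
    ("ws-01", "windows", "9.0.45.0"),
    ("ws-02", "windows", "9.0.47.0"),
    ("lx-01", "linux",   "9.0.47.0"),   # fixed on Windows, not on Linux
    ("lx-02", "linux",   "9.0.48.0"),
    ("sun-01", "solaris", "7.0.69.0"),
    ("sun-02", "solaris", "7.0.70"),
    ("mac-01", "mac",    "8.0.34.0"),
]


if __name__ == "__main__":
    for row in audit(SAMPLE_INVENTORY):
        state = "ok" if row["patched"] else "UPDATE"
        print(f"{row['host']:7} {row['platform']:8} {row['version']:10} {state}")
```

The Linux row with 9.0.47.0 is the one worth noticing: that build is fixed on Windows, Mac and Solaris but not on Linux, so a version check that ignores platform would pass a vulnerable install.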
This blog entry was written by Davey Winder, staff writer aka happygeek. It was promoted to featured status Jul 13th, 2007.
Comments (Newest First)
docsharp01 | Newbie Poster | 24 Days Ago
I'm using Adobe Reader only because I find it useful for work and printing documents.
http://www.1-satellite-tv-facts.com
http://www.1-satellite-tv-facts.com/Direct-TV.html
http://www.1-satellite-tv-facts.com/Dish-Network.html
http://www.1-satellite-tv-facts.com/...ite-Radio.html
http://www.1-satellite-tv-facts.com/...t-Service.html
http://www.1-satellite-tv-facts.com/Satellite-DSL.html
http://www.1-satellite-tv-facts.com/...-Internet.html
http://www.1-satellite-tv-facts.com/VoIP.html
http://www.1-satellite-tv-facts.com/Phone-Systems.html
http://www.1-satellite-tv-facts.com/...-Programs.html