Posted by: Robert Westervelt
Adobe repaired six memory corruption vulnerabilities in Flash Player that could enable an attacker to execute code remotely on a victim’s computer.
Adobe Systems Inc. plugged six vulnerabilities in Flash Player and issued updates to its ColdFusion and Adobe Flash Media Server, fixing several other flaws in those products.
The software maker said the vulnerabilities in its Flash Player could cause the application to crash and enable an attacker to gain access to a victim’s computer. The repairs include several memory corruption errors as well as a bug that could enable clickjacking attacks. The vulnerabilities are in Flash Player version 10.1.53.64 and earlier. In addition, Adobe updated its Adobe AIR development environment and urges users to upgrade to Adobe AIR 2.0.3.
Adobe has addressed vulnerabilities that enable clickjacking in the past. One security expert, John Strand, told SearchSecurity.com that clickjacking may be better prevented through security policy, rather than technology.
An update to Adobe Flash Media Server fixes four vulnerabilities that could enable an attacker to run malicious code on an affected system. The vulnerabilities affect Adobe Flash Media Server 3.5.3 and earlier versions and Adobe Flash Media Server 3.0.5 and earlier versions for Windows and UNIX.
Adobe said it also corrected a directory traversal vulnerability in ColdFusion 9.0.1 and earlier versions that could lead to data leakage. ColdFusion is a development environment used by website designers to create dynamic web pages.