Security Bytes

Aug 11 2010   1:46PM GMT

Adobe Flash update fixes flaw that enables clickjacking attacks



Posted by: Robert Westervelt
Tags:
Adobe
Adobe Flash

Adobe repaired six memory corruption vulnerabilities in Flash Player that could enable an attacker to execute code remotely on a victim’s computer.

Adobe Systems Inc. plugged six vulnerabilities in Flash Player and issued updates to its ColdFusion and Adobe Flash Media Server, fixing several other flaws in those products.

The software maker said the vulnerabilities in its Flash Player could cause the application to crash and enable an attacker to gain access to a victim’s computer. The repairs include several memory corruption errors as well as a bug that could enable clickjacking attacks. The vulnerabilities are in Flash Player version 10.1.53.64 and earlier. In addition, Adobe updated its Adobe AIR development environment and urges users to upgrade to Adobe AIR 2.0.3.

Adobe has addressed vulnerabilities that enable clickjacking in the past. One security expert, John Strand, told SearchSecurity.com that clickjacking may be better prevented through security policy, rather than technology.

An update to Adobe Flash Media Server fixes four vulnerabilities that could enable an attacker to run malicious code on an affected system. The vulnerabilities affect Adobe Flash Media Server 3.5.3 and earlier versions and Adobe Flash Media Server 3.0.5 and earlier versions for Windows and UNIX.

Adobe said it also corrected a directory traversal vulnerability in ColdFusion 9.0.1 and earlier versions that could lead to a data leakage. ColdFusion is a development environment used by website designers to create dynamic web pages.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: