Security Bytes

Aug 11 2010   1:46PM GMT

Adobe Flash update fixes flaw that enables clickjacking attacks

Robert Westervelt


Adobe repaired six memory corruption vulnerabilities in Flash Player that could enable an attacker to execute code remotely on a victim’s computer.

Adobe Systems Inc. plugged six vulnerabilities in Flash Player and issued updates to its ColdFusion and Adobe Flash Media Server, fixing several other flaws in those products.

The software maker said the vulnerabilities in its Flash Player could cause the application to crash and enable an attacker to gain access to a victim’s computer. The repairs include several memory corruption errors as well as a bug that could enable clickjacking attacks. The vulnerabilities are in Flash Player version and earlier. In addition, Adobe updated its Adobe AIR development environment and urges users to upgrade to Adobe AIR 2.0.3.

Adobe has addressed vulnerabilities that enable clickjacking in the past. One security expert, John Strand, told that clickjacking may be better prevented through security policy, rather than technology.

An update to Adobe Flash Media Server fixes four vulnerabilities that could enable an attacker to run malicious code on an affected system. The vulnerabilities affect Adobe Flash Media Server 3.5.3 and earlier versions and Adobe Flash Media Server 3.0.5 and earlier versions for Windows and UNIX.

Adobe said it also corrected a directory traversal vulnerability in ColdFusion 9.0.1 and earlier versions that could lead to data leakage. ColdFusion is a development environment used by website designers to create dynamic web pages.
