Adobe Patches Critical Hole In Flash Player

25 February 2009, 12:49

Adobe patches critical hole in Flash Player, but PDF hole remains open

Adobe has released an update for its Flash Player that fixes a critical security vulnerability that could allow an attacker to remotely take control of a user's system. The vulnerability can be found in versions and earlier of the player. Version for Linux is also vulnerable.

For an attack to be successful, a user must either load a malicious Shockwave Flash (SWF) file into Flash Player, or simply be lured to a site containing a malicious SWF file. The update fixes the buffer overflow issue that could potentially allow an attacker to execute arbitrary code and take control of the affected system. The update also resolves an input validation issue that leads to a Denial of Service (DoS) attack and a Windows-only issue, where Flash could potentially contribute to a clickjacking attack.

The Flash Player does have a built-in automatic update checker; however, it only checks for updates once every 30 days. To protect yourself, Adobe recommends that all Flash Player users update to the newest version manually. The current version of the Flash Player is Users can check which version of the Flash Player they currently have installed by simply visiting the about Adobe Flash page. An iDefense report on the issue documents the length of time that it has taken Adobe to patch this vulnerability. Initial contact was made on the 25th of August, 2008 and the issue has only now been fixed.

Heise Security for full story:
