Advertisement
Promo

Security threats Toolkit in association with http://ad.doubleclick.net/clk;214682528;14505427;f?http://uk.blackberry.com/ataglance/security/

Adobe Flash exploit could log keystrokes

Dawn Kawamoto CNET News.com

Published: 13 Jul 2007 16:34 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Adobe has issued three critical security updates, one of which is designed to stop a problem in the way the Flash player interacts with browsers, which could result in users' keystrokes being transmitted to attackers.

Adobe Flash Player 9.0.45.0, 8.0.34.0 and 7.0.69.0, as well as their earlier versions running on all platforms, are affected.

Users loading a malicious vector graphics file format (SWF) in their Flash Player may find attackers exploiting security flaws due to an input validation error in 9.0.45.0 and earlier versions, according to a security advisory from Secunia. Attackers, as a result, can gain remote access to a user's system.

In versions 7.0.69.0 and earlier running on Linux and Solaris, malicious attackers could exploit an error in the interaction between the Flash Player and certain browsers. That could potentially lead to a leaking of keystrokes to a Flash Player applet, Secunia noted. Flash Player 9 is not affected.

Versions 8.0.34.0 and earlier contain a bug due to insufficient validation of the HTTP referer. As a result, an attacker could execute a cross-site forgery attack. Flash Player 9, however, is not affected.

Adobe recommends that 9.0.45.0 users upgrade to 9.0.47.0 for Windows, Mac and Solaris, or 9.0.48.0 for Linux.

Adobe Flash Player 9 is the recommended solution for the other two versions that contain security flaws.

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Did you find this article useful?
14 out of 14 people found this useful


Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Security threats


Company/Topic Alerts

Create a new alert from the list below:






Related Jobs

Scientific and Engineering Translators - Translation Services

Web Designer

User Interface Developer required

Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

Behind the Scenes: Next Gen Mobile Tec...

Behind the Scenes: Next Gen Mobile Technology Author: Eric Everson, Founder MyMobiSafe.com With infrastructure speeds continually improving at the network level of the world’s leading... More

Post a comment

Nasa hacker petition presented to Numb...

Sting's wife Trudie Styler and Janis Sharp have presented a petition to Number 10 calling for Nasa hacker Gary McKinnon not to be extradited to the US. Styler, and Sharp, who is... More

Post a comment

UK to appoint cyber-sec tsar?

The UK is to appoint a cyber security tsar along the lines of the US, according to a story in the Telegraph this morning. The story is similar to one that appeared in the Guardian... More

Post a comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters