Advertisement
Promo

Security threats Toolkit

Adobe addresses Flash Player 'clickjacking' flaw

Tom Espiner ZDNet.co.uk

Published: 16 Oct 2008 12:53 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Adobe has addressed a security flaw in its Flash Player products that could lead to 'clickjacking' attacks.

Flash Player 10, released on Wednesday, includes a fix for the clickjacking vulnerability published by researchers Jeremiah Grossman and Robert Hansen earlier this month. Clickjacking attacks take advantage of vulnerabilities in Adobe Flash Player 9.0.124.0 and earlier, as well as vulnerabilities in browsers such as Internet Explorer, Opera, Firefox and Safari. Exploitation of the flaws could allow an attacker to disguise website elements, such as dialogue boxes and links, so that the user is fooled into visiting malicious websites.

"Flash Player 10 addresses Flash Player-specific aspects of the overall clickjacking issue," wrote Adobe product security programme manager David Lenoe in a blog post on Wednesday.

Read this

Review
Adobe Creative Suite 4 Master Collection: A first look

Read more +

The Flash Player 10 update also helps prevent a clickjacking attack on a user's web camera and microphone, according to an Adobe security advisory. This variant of the attack could allow eavesdropping.

The update contains four more security fixes, including a mitigation against clipboard attacks and a fix for a port-scanning issue. For customers who cannot upgrade to Flash Player 10, a Flash Player 9 update is currently scheduled for early November, according to the advisory.

On Wednesday, Adobe also published a security advisory for Flash Creative Suite 3 Professional, warning of a potential flaw that allows an attack using malformed SWF files. Flash Creative Suite 4, released on Wednesday, and Flash Player products, are not affected by this issue.

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
6 out of 6 people found this useful


In association with Network Liberation Movement

Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Security threats


Company/Topic Alerts

Create a new alert from the list below:





Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

Symantec website breached

Security company Symantec has said that one of its websites was successfully breached. Romanian security researcher 'Unu' posted details of the breach in a blog post on Monday. Unu... More

Post a comment

Campaigners criticise '£10bn NHS IT ov...

The National Health Service's flagship IT project has been criticised by a tax campaign group for running billions of pounds over budget. The NHS National Programme for IT (NPfIT)... More

2 comments

Climate research centre compromised

One of the UK's leading climate change research centres has had a security breach. The Climate Research Unit at the University of East Anglia (UEA) suffered a compromise of information,... More

1 comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters