Computerworld - Three critical vulnerabilities in Flash Player that could let hackers infect Windows, Mac OS X and Linux systems, were patched yesterday by Adobe Systems Inc.
The most dangerous of the trio was described by Adobe as an input validation error that could be exploited by attackers who duped users into visiting a Web site and fed them malicious Flash content there. "[This] could lead to the potential execution of arbitrary code," Adobe said in a security advisory posted late yesterday.
Other bugs in the bunch could be used in cross-site request forgery (CSRF) attacks -- also called "one-click attacks," in which hackers insert script to a page they know users have already authenticated at, such as an online backing log-in URL -- or leak keypresses, added Danish vulnerability tracker Secunia ApS.
Adobe posted an updated edition of Flash that patches the problems; dubbed Version 9.0.47.0, the plug-in for Internet Explorer, Firefox, Netscape and Opera can be downloaded from the Adobe site. Patches for earlier versions -- including the 7.x line used in Solaris and Linux -- can be found here.
The last time Flash Player was patched was April, when Adobe repaired the Linux and Solaris plug-ins used with the Opera and Konqueror browsers. In March, Apple Inc. included a Flash fix in its 2007-003 security update that upped Mac OS X to Version 10.4.9.
Read more about Security in Computerworld's Security Topic Center.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
