resource center
  See your link here
|
IDG News Service - Adobe Systems has updated its Flash multimedia software to eliminate five flaws affecting Windows, OS X and Linux systems.
The update fixes a critical flaw that could cause a PC to be hacked merely by viewing a malicious SWF (Shockwave Flash) file, according to Adobe's advisory.
Flash vulnerabilities are particularly dangerous because of the widespread use of the graphics format across the Internet for rich Web pages and banner advertisements. Most Web browsers have the Flash player plug-in installed, which makes it an attractive target for hackers.
Online advertising networks have struggled to keep malicious Flash advertisements off their networks, as they are often difficult to detect.
Victims of a Flash attack are usually duped via a social engineering trick or by viewing malicious content injected into a trusted site, according to a warning from iDefense, the security branch of VeriSign.
Two of the other Adobe updates address potential problems with "clickjacking," a difficult but powerful hack that lures a victim into clicking on a certain place on a Web page in order to enable an attack.
The other two updates fix a potential denial-of-service condition caused by an input validation problem, and the remaining one fixes an information disclosure problem on Linux systems.
The most up-to-date Flash player for most users is 10.0.22.87. Other versions are available for users of AIR or Flash CS3 Professional: Adobe has published a chart in its advisory listing the upgrades.
Adobe has a Web page that will automatically display what Flash version a computer is using. Flash also has an auto-update system that will prompt a user that it's time to upgrade.
The latest Flash problems come as Adobe is grappling with another serious vulnerability in its Acrobat and Reader products, used for reading PDF files, that affects both Mac and Windows users.
The flaw can allow an attacker to take over a computer if someone opens a malicious PDF file. Adobe has said it will issue a patch by March 11, but security experts have cautioned it leaves a wide time window for attacks.
Security vendor Sourcefire has said it has traced PDF attacks going back to Jan. 9. The company has issued an unsupported temporary patch.
IDG.net
Death to PST Files
Download Now
The Tangled Web: Silent Threats & Invisible Enemies
Download Now
Tape Killed the IT Guy
Watch Now
Forrester Consulting Mobility Study: Taking Control of Enterprise Mobile Device Diversity
Download Now
BRM: What You Can Do To Reduce Risk In Challenging Times
Watch this webcast now!
What IT Must Do to Support Employee-Owned BlackBerry, iPhone and Android Mobile Devices
Download Now
Web 2.0, Social Media and the Dark Web - A Web Criminals Paradise?
In this discussion, learn about the challenges of protecting your users from the potentially unsafe content hidden in the "Dark Web".
eGuide: Enterprise Security
Smart Security Strategies for 2010. Read now!
Disaster Recovery 2008: Reduced Costs and Improved Performance
How long can your Enterprise afford to be without your data? With an accelerated disaster recovery program, you never have to answer this...
Sign up to receive updates on the latest Security resources
CIO
Computerworld
CSO
DEMO
GamePro
Games.net
IDC
IDG
IDG Connect
IDG Knowledge Hub
IDG TechNetwork
IDG Ventures
IDG.net
InfoWorld
ITwhitepapers
ITworld
JavaWorld
LinuxWorld
Macworld
Network World
PC World
The Industry Standard
Copyright © 1994 - 2010 Computerworld Inc. All
rights reserved. Reproduction in whole or in part in any form or medium
without express written permission ofComputerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc. |
