We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
78,821 News Articles

Nine 'critical' Flash flaws patched by Adobe

Vulnerabilities threaten Windows, Mac & linux

Adobe has patched nine critical vulnerabilities in Flash that hackers could use to attack Windows, Mac and Linux machines.

"Multiple input validation errors have been identified in Flash Player 9.0.48.0 and earlier that could lead to the potential execution of arbitrary code," Adobe said. "These vulnerabilities could be accessed through content delivered from a remote location via the user's web browser, email client or other applications that include or reference the Flash Player."

Danish vulnerability tracker Secunia ASP collectively rated the nine bugs as "highly critical", its second-from-the-top threat ranking.

The flaws can be exploited using malicious .swf files, a vector graphics format specific to Flash. Specifically, said Adobe, the vulnerabilities could be used to conduct cross-site scripting attacks, run DNS rebinding attacks that circumvent firewall defences and elevate privileges on servers hosting Flash content.

Google's security team was credited by Adobe with reporting two of the nine vulnerabilities, while a team at Stanford University received a nod for notifying Adobe of another pair of bugs.

"Users are recommended to update to the most current version of Flash Player available for their platform," Adobe said. The update, dubbed Flash Player 9.0.115.0, can be downloaded from the Adobe site. Solaris users, however, must download a beta of the updated Player to protect their machines.

Mac OS X users who refreshed their operating system with the 41-fix Security Update 2007-009, which Apple issued Monday, already have the revised Flash Player in hand, and don't need to take additional action.

According to Adobe, people who must rely on the older Flash Player 7 should download and install the patched version of that edition instead of 9.0.115.0.


IDG UK Sites

Android One vs Android Silver vs Google Nexus: What is the difference?

IDG UK Sites

Apple updates MacBook Pro line-up: Price cuts & spec boosts for 6 MacBook Pro models

IDG UK Sites

Long live the internet fridge: the Internet of Things is coming

IDG UK Sites

How Prometheus' colourist Juan Ignacio Cabrera gave a tense, edgy feel to Chosen