
Adobe updates Flash Player to fix clickjacking, buffer overflow flaws

Flaws in Adobe Flash Player could be used by an attacker to gain access to system files and take control of a computer. Adobe recommends updating to the latest version.

Adobe Systems Inc. updated its popular Flash Player to fix vulnerabilities that could allow an attacker to execute arbitrary code and gain control of a computer.

Flaws were discovered in version of Flash Player and earlier. The update also affects AIR 1.5, Flash CS4 and CS3 Professional and Flex 3.

Affected users should upgrade to version A patch was also released for Flash Player 9 to address users that cannot update to the latest version, Adobe said.

Adobe Acrobat zero-day:
Sourcefire issues Adobe zero-day patch to block attacks: "Home brew patch," blocks attempts by hackers to exploit an unpatched buffer overflow vulnerability in Adobe Reader 9.

Attackers target new Adobe zero-day flaw: Attackers are actively targeting a zero-day flaw in Adobe Acrobat Reader software, according to a warning from Symantec.

In its security advisory, Adobe said the update addresses five vulnerabilities in the player. Among the flaws is an input validation issue that could result in a denial-of-service attack. A potential clickjacking issue has also been patched, as well as an issue with the Linux version of Flash Player that could result in privilege escalation.

A flaw was discovered by iDefense Labs, which issued an advisory Tuesday. iDefense researchers discovered an invalid object reference vulnerability in Flash Player that created an error when the player attempted to process Shockwave Flash files. The flaw could be exploited if a person browses to a website hosting malicious Shockwave Flash files, iDefense said.

"An attacker typically accomplishes this via social engineering or injecting content into a compromised, trusted site," iDefense said in its advisory. "Utilizing various techniques, an attacker is able to reallocate and control the memory used by the destroyed object. This allows the attacker to subvert execution when a virtual function is called via the invalid reference."
