In association with heise online

11 August 2010, 11:55

Adobe closes critical holes in Flash products


Adobe has closed numerous security holes in Flash Player, Flash Media Server and ColdFusion. Several flaws in the memory management of Flash Player 10.1 can potentially be exploited by attackers to inject malicious code into systems. Another vulnerability makes the player susceptible to click-jacking attacks. The holes affect the security of Flash Professional CS5, Flash CS4 Professional and Flex 4. Adobe says that all versions of Flash Player up to are vulnerable and advises users to update to the current version

Users who still have Flash Player 9 on their systems, for instance after installing Flash CS3 Professional or Flex 3, can close the holes by updating to Player version 9.0.280, which was also released yesterday (Tuesday). Adobe AIR is equally vulnerable up to version, and AIR users can update to version 2.0.3, which no longer contains the flaw.

Administrators who use Flash Media Server up to and including versions 3.0.5 and 3.5.3, under Windows or Unix, are advised to update to 3.0.6/3.5.4, as several holes in the earlier versions can be exploited to inject malicious code. ColdFusion 8.0, 8.0.1, 9.0, 9.0.1 and older versions potentially disclose sensitive information to attackers, which can be prevented by applying a security hotfix.

