Adobe confirms security vulnerability in Flash Player
Using prepared Flash files placed on websites, attackers could manipulate HTTP headers and carry out HTTP request splitting attacks through the Adobe Flash Player. In response to a security advisory from Rapid7, Adobe confirms that this would enable an attacker to disable internet applications or insert commands into these applications.
Adobe Flash Player versions 9.x, 8.x and 7.x for all platforms are affected. Flash Player versions 6 and older and the current 9.x Beta version do not contain the bug. According to reports, Adobe is already working on a solution. Until then, users should either update the Flash plugin to the latest Beta version, uninstall it or only permit trusted sites to use Flash.
- HTTP Header Injection Vulnerabilities in the Flash Player Plugin, security advisory from Rapid7
- HTTP header injection vulnerabilities in Adobe Flash Player, security advisory from Adobe
- Download the latest Beta versions of the Adobe Flash Player