Updates for Adobe Flash Player and Photoshop
Software vendor Adobe has released updates for its Flash Player and Photoshop CS2/CS3 software to fix holes that can be exploited by attackers, for instance to inject malicious code through specially crafted web pages or e-mail attachments.
While an input validation error could lead to arbitrary code execution in Flash Player 126.96.36.199 and prior versions, insufficient validation of the HTTP Referer in Flash Player 188.8.131.52 and earlier versions might help attackers to execute cross-site scripting attacks. Another security problem related to the Opera and Konqueror browsers exists in Flash Player 7 (version 184.108.40.206) for Linux and Solaris, but Adobe does not provide more detailed information on this issue. The vendor advises users to upgrade to version 9.0.47, but also provides patches for other versions of the software.
The updates for Photoshop CS2 and CS3 fix the vulnerabilities detected by Marsu at the end of April. These can be triggered when manipulated BMP, DIB, RLE and PNG image files are handled, and could lead to arbitrary code injection and execution. A malicious image, e.g., from an e-mail attachment, must be opened in Photoshop in order to achieve this. Links to patches for Windows and Mac OS X are provided in the security advisory. The vendor advises users to install the update as soon as possible.
- Flash Player update available to address security vulnerabilities, security advisory by Adobe
- Photoshop CS2 and CS3 updates to address security vulnerabilities, security advisory by Adobe