Adobe Flash exploit could log keystrokes

By Dawn Kawamoto, CNET News.com
Monday, July 16, 2007 11:42 AM

Adobe has issued three critical security updates, one of which is designed to stop a problem in the way the Flash player interacts with browsers, which could result in users' keystrokes being transmitted to attackers.

Adobe Flash Player 9.0.45.0, 8.0.34.0 and 7.0.69.0, as well as their earlier versions running on all platforms, are affected.

Users loading a malicious vector graphics file format (SWF) in their Flash Player may find attackers exploiting security flaws due to an input validation error in 9.0.45.0 and earlier versions, according to a security advisory from Secunia. Attackers, as a result, can gain remote access to a user's system.

In versions 7.0.69.0 and earlier running on Linux and Solaris, malicious attackers could exploit an error in the interaction between the Flash Player and certain browsers. That could potentially lead to a leaking of keystrokes to a Flash Player applet, Secunia noted. Flash Player 9 is not affected.

Versions 8.0.34.0 and earlier contain a bug due to insufficient validation of the HTTP referrer. As a result, an attacker could execute a cross-site forgery attack. Flash Player 9, however, is not affected.

Adobe recommends that 9.0.45.0 users upgrade to 9.0.47.0 for Windows, Mac and Solaris, or 9.0.48.0 for Linux.

Adobe Flash Player 9 is the recommended solution for the other two versions that contain security flaws.


WORTHWHILE?

0

0 votes
Blog

Talkback 2 comments

Flash has several other privacy and security issues, as were discussed by Security-Hacks.com www.security-hacks.com...
Posted by Jon on Tuesday, July 17 2007 04:27 AM

okay. That's it. The flash player has been removed from this computer. Keep your stinkin' flash objects. I don't want 'em. This is the second time I've heard of the flash player being used to facilitate spying, so I'm not sure it's not intentional. Show your flash objects to someone else. I don't wanna see 'em anymore. Flash this.
Posted by Jolly Roger on Wednesday, July 18 2007 03:17 AM


Tech Jobs Now!

Search for your ideal tech job:

News from Countries/Region

Common ways IT wastes money on development

Web Development

Examples include using developers as support staff and failing to calculate a project's ROI before giving it the go-ahead.


Read more »



  • Enterprise 2.0

    Vince Casarez, vice president of product management at Oracle, explains how Web 2.0 technologies, such as tags, wikis, and mash-ups, can be applied within an organization.
    Play video


  • Nehalem Architecture

    What makes next-generation Intel® Microarchitecture (Nehalem) such a superior successor?
    Play video

 
On demand CRM goes strategic
CRM technology has come of age, and is now able to align with your customer strategy and grow in step with your business.

» Learn more about Oracle’s CRM Solutions


Free the untapped potential of your IT infrastructure
Reduce bottlenecks to drive the efficiency and productivity of Business IT.
» Ultimate virtualization blade
» Scalable SAN solution
» Accelerate service delivery

Could this be the most critical budget for India?

Blog thumbnail

For business journalists in India, budget time is excitement time. It's like sports journos covering the Olympics. As a newspaper correspondent, I too had my fill of budget-time excitement. But..... by Swati Prasad

Read more »

Tags

  1. attack
  2. bank
  3. blog
  4. data security
  5. e - mail
  6. hacking
  7. internet
  8. malware
  9. microsoft corp.
  10. network
  11. network security
  12. pc security
  13. researcher
  14. security
  15. security management
  16. software
  17. spam and phishing
  18. u.s.
  19. viruses and worms
  20. web