Adobe Flash exploit could log keystrokes

By Dawn Kawamoto, CNET News.com
Monday, July 16, 2007 11:42 AM

Adobe has issued three critical security updates, one of which is designed to stop a problem in the way the Flash player interacts with browsers, which could result in users' keystrokes being transmitted to attackers.

Adobe Flash Player 9.0.45.0, 8.0.34.0 and 7.0.69.0, as well as their earlier versions running on all platforms, are affected.

Users loading a malicious vector graphics file format (SWF) in their Flash Player may find attackers exploiting security flaws due to an input validation error in 9.0.45.0 and earlier versions, according to a security advisory from Secunia. Attackers, as a result, can gain remote access to a user's system.

In versions 7.0.69.0 and earlier running on Linux and Solaris, malicious attackers could exploit an error in the interaction between the Flash Player and certain browsers. That could potentially lead to a leaking of keystrokes to a Flash Player applet, Secunia noted. Flash Player 9 is not affected.

Versions 8.0.34.0 and earlier contain a bug due to insufficient validation of the HTTP referrer. As a result, an attacker could execute a cross-site forgery attack. Flash Player 9, however, is not affected.

Adobe recommends that 9.0.45.0 users upgrade to 9.0.47.0 for Windows, Mac and Solaris, or 9.0.48.0 for Linux.

Adobe Flash Player 9 is the recommended solution for the other two versions that contain security flaws.


WORTHWHILE?

0

0 votes
Blog

Talkback 2 comments

Flash has several other privacy and security issues, as were discussed by Security-Hacks.com

(web link)
Posted by Jon on Tuesday, July 17 2007 04:27 AM

okay. That's it. The flash player has been removed from this computer. Keep your stinkin' flash objects. I don't want 'em. This is the second time I've heard of the flash player being used to facilitate spying, so I'm not sure it's not intentional. Show your flash objects to someone else. I don't wanna see 'em anymore. Flash this.
Posted by Jolly Roger on Wednesday, July 18 2007 03:17 AM

Guest user

Guest user

Level: 
Joined: —
Already a member? Log in »



 

Loading...

News from Countries/Region

Tech Jobs Now!


Search for your ideal tech job:

Mainsoft: Opening options for Java, .NET developers

Java

Mainsoft provides tools for running .NET code on the Java platform.


Read more »


Tags

  1. against
  2. antivirus
  3. asian
  4. attacks
  5. blame
  6. by
  7. critical
  8. cyber
  9. data
  10. flaw
  11. flaws
  12. google
  13. govt
  14. hit
  15. hp
  16. malware
  17. microsoft
  18. online
  19. over
  20. security
  21. software
  22. symantec
  23. threats
  24. uk
  25. under
  26. update
  27. updates
  28. us
  29. warns
  30. web
 
Oracle SOA Business Software Centre
Many companies are recognizing the need to adopt standards in their efforts to build service-oriented applications.
Secure the "Next-Gen SOA Infrastructure" & "Bringing SOA Value Patterns to Life" whitepapers here

» Visit the Power Center
Increase performance with eco-technology innovations
Simplify your infrastructure and unify management, while lowering power and cooling costs of your datacenter.
» Maximum flexibility with powerful blade technolgy
» Bring new services and applications online faster
» Lower energy use and cost

Up close and personal with a merger

Blog thumbnail

What can you get for 13.9 billion buckaroos? For Hewlett-Packard, US$13.9 billion would allow you to buy your way into becoming the second biggest IT services company in the industry...... by Eileen Yu

Read more »


Industry Watch: Manufacturing for Retail

Learn how the right information puts manufacturers ahead of the competition.