Adobe's Flash Player 10 upgrade addresses clickjacking

Powered by SC Magazine
 

Because of the potential for clickjacking exploits, all users of Flash Player are recommended to upgrade.

Adobe on Wednesday announced the release of Flash Player version 10, which addresses the clickjacking security vulnerabilities that could give an attacker access to a user's webcam and microphone.

In a security bulletin, Adobe said that all users of Flash Player version 9.0.124.0 and earlier should upgrade to version 10. Users can upgrade by running the auto-update in the program when prompted, or visit Adobe's Player Download Center.

“Clickjacking is an issue in multiple web browsers that could allow an attacker to lure a web browser user into unknowingly clicking on a link or dialog,” Adobe said in its security advisory. “This update helps prevent a clickjacking attack on a Flash Player user's camera and microphone.”

The update also addresses other security issues. It prevents privilege escalation attacks against web servers hosting Flash content and cross-domain policy files, fixes a potential port-scanning issue and prevents potential attacks to the clipboard API, Adobe said in its security advisory.

"We recommend all users upgrade to Adobe Flash Player 10 in order to mitigate the potential issues as outlined in the Oct. 15 Security Bulletin," Brad Arkin, director, Product Security and Privacy at Adobe, told SCMagazineUS.com Thursday in an email.

Customers who cannot upgrade immediately due to IT restrictions or other reasons can change their settings to mitigate the potential for falling victim to clickjacking exploits. The workaround is outlined in an older Adobe security advisory. Arkin said there will also be a security update for Flash Player 9 available next month.

Jermiah Grossman, founder of WhiteHat Security and Robert Hansen, founder and CEO of SecTheory notified Adobe of the potential for clickjacking exploits against Flash Player last month. These two researchers had been researching clickjacking since the middle of the year.

See original article on scmagazineus.com

Copyright © SC Magazine, US edition


 
 
 
Top Stories
Time management tips for CIOs
[Blog post] How to get to the genba.
 
Making a case for collaboration
[Blog post] Tap into your company’s people power.
 
Five zero-cost ways to improve MySQL performance
How to easily boost MySQL throughput by up to 5x.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Which is the most prevalent cyber attack method your organisation faces?




   |   View results
Phishing and social engineering
  69%
 
Advanced persistent threats
  3%
 
Unpatched or unsupported software vulnerabilities
  10%
 
Denial of service attacks
  6%
 
Insider threats
  11%
TOTAL VOTES: 1109

Vote