Adobe updates Flash Player 9 to fix six security holes

Written by Ryan Naraine, Contributor
Adobe has slapped another band-aid on its ever-present Flash Player to cover at least six documented security vulnerabilities that could expose users to a wide range of hacker attacks.

The patch, rated "critical" by Adobe, affects Flash Player 9.0.124.0 on all platforms. Adobe is recommending that users upgrade immediately to Flash Player 10.

The skinny on the latest Flash Player vulnerabilities:

  • CVE-2008-4818: This update includes a change to the way Flash Player interprets HTTP response headers to prevent a potential cross-site scripting attack.
  • CVE-2008-4819: This update introduces a change to mitigate a potential issue that could aid an attacker in executing a DNS rebinding attack.
  • CVE-2008-4823: This update introduces stricter interpretation of an ActionScript attribute to prevent a potential HTML injection issue.
  • CVE-2008-4822: This update prevents an issue with policy file interpretation that could potentially lead to bypass of a non-root domain policy.
  • CVE-2008-4821: This update prevents an issue with the Flash Player interpretation of jar: protocol on Mozilla browsers that could potentially lead to information disclosure.
  • CVE-2008-4820: This update prevents a potential Windows-only information disclosure issue in the Flash Player ActiveX control.

Adobe provides this page to help end users determine which version of Flash Player is installed on a system. Keep in mind that any version below Flash Player 9.0.151.0 will be vulnerable to these attack scenarios.
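For anyone checking an inventory of installed Flash Player builds against the 9.0.151.0 threshold above, the following is an added example (not code from the article or from Adobe). It assumes version strings arrive either dotted ("9.0.124.0") or comma-separated with a platform prefix ("WIN 9,0,124,0", the form the Flash ActiveX control's `$version` string is assumed to use), and compares the four components numerically rather than as text, since a string comparison would wrongly rank "9.0.9.0" above "9.0.151.0". Host names and version values in the sample inventory are constructed.

```python
"""Check reported Flash Player versions against the fixed build 9.0.151.0.

Added example: not code from the article or from Adobe. Sample host names
and version strings below are constructed for illustration.
"""
import re

# First Flash Player 9 build that carries the fixes for the six CVEs.
FIXED_VERSION = "9.0.151.0"

# Accepts both '9.0.124.0' and 'WIN 9,0,124,0' (comma form assumed for
# ActiveX-style reports); the platform prefix is ignored.
_VERSION_RE = re.compile(r"(\d+)[.,](\d+)[.,](\d+)[.,](\d+)")


def parse_version(text: str) -> tuple:
    """Return the 4-part version as a tuple of ints, e.g. (9, 0, 124, 0).

    Integer tuples compare correctly; as strings '9.0.9.0' would sort
    after '9.0.151.0', which is the wrong answer.
    """
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no 4-part version found in {text!r}")
    return tuple(int(part) for part in m.groups())


def is_vulnerable(reported: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the reported build is older than the fixed build.

    Flash Player 10 builds compare greater than 9.0.151.0 and so count as
    patched, consistent with Adobe's advice to move to version 10.
    """
    return parse_version(reported) < parse_version(fixed)


def triage(reports: dict) -> dict:
    """Bucket host -> version-string reports into 'vulnerable', 'patched'
    and 'unparseable' lists so an inventory scan can be acted on."""
    out = {"vulnerable": [], "patched": [], "unparseable": []}
    for host, version in reports.items():
        try:
            bucket = "vulnerable" if is_vulnerable(version) else "patched"
        except ValueError:
            bucket = "unparseable"  # unknown format: needs manual follow-up
        out[bucket].append(host)
    return out


if __name__ == "__main__":
    # Constructed inventory (host names and values are made up).
    sample = {
        "ws-01": "9.0.124.0",      # the affected build named by Adobe
        "ws-02": "WIN 9,0,151,0",  # fixed build, comma-form report
        "ws-03": "10.0.12.36",     # a Flash Player 10 build
        "ws-04": "9.0.9.0",        # would be mis-ranked by a string compare
        "ws-05": "unknown",        # cannot be parsed
    }
    for bucket, hosts in triage(sample).items():
        print(f"{bucket}: {sorted(hosts)}")
```

Hosts that land in the "unparseable" bucket should be treated as unknown rather than patched; the conservative reading of the article is that only a confirmed build at or above 9.0.151.0 (or a Flash Player 10 build) is out of scope for these six issues.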

Separately, Adobe released Security Bulletin APSB08-21 to resolve a potential privilege escalation issue that is particularly applicable to ColdFusion servers in a shared hosting environment:

  • A vulnerability in ColdFusion could allow a lower-privileged user to bypass sandbox security and access sensitive information, and could potentially lead to a privilege escalation attack. This issue is particularly applicable to ColdFusion servers in a shared hosting environment. This issue is not remotely exploitable.

Affected software versions are ColdFusion 8, ColdFusion 8.0.1 and ColdFusion MX 7.0.2.
