Adobe issues update to fix Flash flaws

Share this article:
Adobe on Wednesday released a new version of its Flash player to correct seven vulnerabilities that could permit attackers to take remote control of a victim's computer.

Systems running Flash version 9.0.115.0 and earlier, and those running version 8.0.39.0 and earlier, are vulnerable, according to a US-CERT alert. Attackers can exploit the flaws by tricking unsuspecting users into visiting a website hosting a specially crafted SWF (Shockwave Flash) file.

If successful, the resulting payload could range from security bypass to cross-site scripting to a complete system takeover, according to vulnerability tracking firm Secunia, which rated the updates highly critical.

As an alternative to upgrading to the latest version, users can disable the Flash plug-in or leverage NoScript, a Firefox add-on.

More information from Adobe is available here.



For more coverage of the RSA Conference, visit our special RSA Conference 2008 microsite. It contains news and announcements from the show floor, as well as podcasts, video and opinion columns from keynote speakers and industry luminaries, like RSA Conference's Sandra Tom La Pedis and Tim Mather, Symantec's John Thompson and Kevin Haley, IBM's Val Rahmani, and SC Magazine's CSO of the Year Dan Lohrmann, CISO of the state of Michigan.

Share this article:

Sign up to our newsletters

More in News

In Cisco probe, misuse or compromise spotted on all firms' networks

In Cisco probe, misuse or compromise spotted on ...

Cisco analyzed the business networks of 30 multinational companies last year, and revealed the findings in its 2014 Annual Security Report.

Fareit trojan observed spreading Necurs, Zbot and CryptoLocker

The Necurs and Zbot trojans, as well as CryptoLocker ransomware, has been observed by researchers as being spread through another trojan, known as Fareit.

Post Heartbleed, tech giants join initiative to bolster open source

Post Heartbleed, tech giants join initiative to bolster ...

The newly formed Core Infrastructure Initiative, created to boost under-funded open source projects, will tackle OpenSSL first.