Adobe's Flash Player 10 upgrade addresses clickjacking

Share this article:

Adobe on Wednesday announced the release of Flash Player version 10, which addresses the clickjacking security vulnerabilities that could give an attacker access to a user's webcam and microphone.

In a security bulletin, Adobe said that all users of Flash Player version 9.0.124.0 and earlier should upgrade to version 10. Users can upgrade by running the auto-update in the program when prompted, or visit Adobe's Player Download Center.

“Clickjacking is an issue in multiple web browsers that could allow an attacker to lure a web browser user into unknowingly clicking on a link or dialog,” Adobe said in its security advisory. “This update helps prevent a clickjacking attack on a Flash Player user's camera and microphone.”

The update also addresses other security issues. It prevents privilege escalation attacks against web servers hosting Flash content and cross-domain policy files, fixes a potential port-scanning issue and prevents potential attacks to the clipboard API, Adobe said in its security advisory.

"We recommend all users upgrade to Adobe Flash Player 10 in order to mitigate the potential issues as outlined in the Oct. 15 Security Bulletin," Brad Arkin, director, Product Security and Privacy at Adobe, told SCMagazineUS.com Thursday in an email.

Customers who cannot upgrade immediately due to IT restrictions or other reasons can change their settings to mitigate the potential for falling victim to clickjacking exploits. The workaround is outlined in an older Adobe security advisory. Arkin said there will also be a security update for Flash Player 9 available next month.

Jermiah Grossman, founder of WhiteHat Security and Robert Hansen, founder and CEO of SecTheory notified Adobe of the potential for clickjacking exploits against Flash Player last month. These two researchers had been researching clickjacking since the middle of the year.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

CryptoWall surpasses CryptoLocker in infection rates

CryptoWall surpasses CryptoLocker in infection rates

A threat analysis from Dell SecureWorks CTU says that CryptoWall has picked up where its famous sibling left off.

Professor says Google search, not hacking, yielded medical info

Professor says Google search, not hacking, yielded medical ...

A professor of ethical hacking at City College San Francisco came forward to clarify that he did not demonstrate hacking a medical center's server in a class.

Syrian Malware Team makes use of enhanced BlackWorm RAT

Syrian Malware Team makes use of enhanced BlackWorm ...

FireEye analyzed the hacking group's use of the malware, dubbed the "Dark Edition" of BlackWorm.