Home arrow Flash arrow Critical Flash Vulnerability Heats Up the Web
FLASH

Critical Flash Vulnerability Heats Up the Web


Tech giant Adobe issued a security advisory Wednesday, cautioning users and alerting them to a zero-day vulnerability in the current version of its popular Flash Player and Reader.

Author Info:
By: DevShed
Rating: 4 stars4 stars4 stars4 stars4 stars / 15
July 23, 2009

print this article
SEARCH DEVARTICLES

Tech giant Adobe issued a security advisory Wednesday, cautioning users and alerting them to a zero-day vulnerability in the current version of its popular Flash Player and Reader.


"A critical vulnerability exists in the current versions of Flash Player (v9.0.159.0 and v10.0.22.87) for Windows, Macintosh and Linux operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat v9.x for Windows, Macintosh and UNIX operating systems. This vulnerability (CVE-2009-1862) could cause a crash and potentially allow an attacker to take control of the affected system," the company reported.

Meanwhile, US-CERT, working alongside Homeland Security, advised users to disable Flash in Adobe Reader 9 on Windows-based computers, and to disable Flash Player entirely. John Bambenek, SANS Internet Storm Center handler, says that while only a few malicious websites are presently serving the exploit, there are confirmed cases where links have been injected from legitimate sites as well in what is known as a drive-by attack.

The new exploit falls on the heels of several Adobe vulnerabilities, including the most recent - clickjacking and JBIG2. The flaws have left Adobe open to criticism from those in the security community, forcing the company to release two new patches. You may recall a blog post from the Director of Product Security, Brad Arkin, back in May outlining three new security measures the company was incorporating.

Fixes for the current vulnerability are expected on July 30th for Flash Player, and July 31st for Adobe Reader and Acrobat.

Read more on Adobe's Flash Vulnerability:

Adobe Vulnerability Targeted in Drive-by Attacks - eWeek

Adobe Flash Vulnerability Exploited in Web Pages - Network World

Adobe Offering Insecure Reader Software - Information Week

 


DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware.

All Flash Tutorials
More By DevShed


blog comments powered by Disqus
FLASH ARTICLES

- More Top Flash Game Tutorials
- Top Flash Game Tutorials
- Best Flash Photo Gallery Tutorials
- The Top Flash Tutorials for Menus
- 7 Great Flash Tutorials
- Adobe Creative Suite 5.5 Now Available
- Critical Flash Vulnerability Heats Up the Web
- More on Nonpersistent Client-Side Remote Sha...
- Nonpersistent Client-Side Remote Shared Obje...
- Using the Decorator Pattern for a Real Web S...
- Using Concrete Decorator Classes
- Delving More Deeply into the Decorator Patte...
- The Decorator Pattern in Action
- A Simple Decorator Pattern Example
- Decorator Pattern

Watch our Tech Videos 
Dev Articles Forums 
 RSS  Articles
 RSS  Forums
 RSS  All Feeds
Write For Us 
Weekly Newsletter
 
Developer Updates  
Free Website Content 
Contact Us 
Site Map 
Privacy Policy 
Support 

Developer Shed Affiliates

 




© 2003-2017 by Developer Shed. All rights reserved. DS Cluster - Follow our Sitemap
Popular Web Development Topics
All Web Development Tutorials