
Adobe Systems has made version 9.0.16.0 of the Flash Player available via the Player Download Center. The security update is also available through the auto-update mechanism. The release comes as the company has revealed, in a security notification, the existence of what it calls critical vulnerabilities in Flash Player 8.0.24.0 and earlier versions. As yet, Adobe has not confirmed the existence of exploits but has warned that unpatched products are vulnerable to remote code execution. To avoid system compromise, Adobe advises an immediate upgrade to Flash Player 9.0.16.0.
"Multiple input validation errors have been identified in Flash Player 8.0.24.0 and earlier versions that could lead to the potential execution of arbitrary code. These vulnerabilities could be accessed through content delivered from a remote location via the user's web browser, email client, or other applications that include or reference the Flash Player," explained Adobe.
The vulnerability involves triggering an infinite loop on ColdFusion servers via Flash remoting, which would lead to a denial of service condition and eventually allow an attacker to gain complete control over a compromised system. A malicious Flash SWF component would have to be loaded into the player while browsing in order to carry out the attack.