
Adobe Flash 9 vulnerability found ?!?!?

I've just read it and reported. It seems that Symantec found a bug in Adobe Flash Player (including 9.0.124.0 and 9.0.115.0), and it says web sites hosting Adobe Flash Player content can be compromised by an exploit in the newest version of Flash. Embedded JavaScript can redirect users to a Chinese malware server:

(From CNET News) Symantec says that under certain conditions embedded JavaScript within the player will redirect users to dota11.cn. In an alert on Tuesday, Symantec said specific details about the vulnerability exploited were unknown, and initial testing of the in-the-wild exploit showed it to be unreliable. Nonetheless, Symantec said it had identified at least one commercial site, www.bridgettwalther.com, which is a horoscope Web site, but that the embedded malicious code has since been removed.

Read more on securityfocus.com (Adobe Flash Player SWF File Unspecified Remote Code Execution Vulnerability)

Comments

That doesn't make any sense to me...

There is no JavaScript embedded in the player as far as I know. Any Flex application can include JavaScript, and inject it into the host webpage. This isn't a "vulnerability" though, it's a feature.

Ha! I just found a vulnerability in every browser: self.location() may redirect users to a Chinese malware server! ;)

Yeah right. And Symantec still uses Flash on their site, http://www.symantec.com/index.jsp

Hi guys. This time it's real or Adobe wouldn't urge everybody to update:
http://blogs.adobe.com/psirt/2008/05/potential_flash_player_issue_u_1.html

J
