Adobe reports security bugs in Flash, AIR and Acrobat
The software company, Adobe, has released a security bulletin detailing the latest list of security vulnerabilities in Flash, its web browser plug-in.
The same vulnerabilities also affect AIR, its desktop runtime that can allow Flash applications (notwithstanding known limitations and compatibility issues) to run in a desktop environment.
There are also a number of security flaws in Acrobat, its software package for desktop publishing and document sharing.
A patch is now available for this latest batch of Adobe bugs. Users with affected versions of the software without the patch could have their security compromised in a number of ways. For example, attackers can use Flash in various ways to execute malicious code on affected computers – taking control of the computer, gaining access, or causing a crash -- when the user visits a web page where Flash is embedded. In particular, hackers can also use Flash to gain administrator-level access on Mac computers.
- Flash/AIR & Acrobat: a memory corruption vulnerability that could allow malicious code execution
- Flash: a privilege escalation vulnerability that could allow someone with desktop access to gain administrative privileges on the Macintosh operating system.
- Flash/AIR: a heap overflow vulnerability that could allow malicious code execution
- Flash/AIR: a null pointer vulnerability that could allow malicious code execution
- Flash/AIR: a stack overflow vulnerability that could allow malicious code execution
- Flash/AIR: a clickjacking vulnerability that could allow an attacker to lure a web browser user into unknowingly clicking on a malicious link or dialog
- Flash/AIR: a URL parsing heap overflow vulnerability that could allow malicious code execution
- Flash/AIR: an integer overflow vulnerability that could allow malicious code execution
- Flash/AIR: a local sandbox vulnerability that could allow unauthorised information disclosure when a SWF file is saved to the hard drive
03 August 2009
Tags: flash air bugs security adobe mac adobe flash hack vulnerabilities patch flaws acrobat reader silverlight memory corruption vulnerability null pointer vulnerability stack overflow vulnerability privilege escalation vulnerability url parsing vulnerability heap overflow vulnerability clickjacking vulnerability swf
Comments: 0
Add Comment