Topic: Adobe fixes critical Flash bugs

[Amker]

The most dangerous of the trio was described by Adobe as an input validation error that could be exploited by attackers who duped users into visiting a Web site and fed them malicious Flash content there. "[This] could lead to the potential execution of arbitrary code," Adobe said in a security advisory posted late yesterday.

Other bugs in the bunch could be used in cross-site request forgery (CSRF) attacks -- also called "one-click attacks," in which hackers insert script to a page they know users have already authenticated at, such as an online backing log-in URL -- or leak keypresses, added Danish vulnerability tracker Secunia ApS.

Adobe posted an updated edition of Flash that patches the problems; dubbed Version 9.0.47.0, the plug-in for Internet Explorer, Firefox, Netscape and Opera can be downloaded from the Adobe site. Patches for earlier versions -- including the 7.x line used in Solaris and Linux -- can be found here.

The last time Flash Player was patched was April, when Adobe repaired the Linux and Solaris plug-ins used with the Opera and Konqueror browsers. In March, Apple Inc. included a Flash fix in its 2007-003 security update that upped Mac OS X to Version 10.4.9.
pc world