Security bulletin: Flash Player update available to address security vulnerabilities
Release date: October 15, 2008
Vulnerability identifier: APSB08-18
CVE number: CVE-2007-6243, CVE-2008-3873, CVE-2007-4324, CVE-2008-4401, CVE-2008-4503
Platform: All Platforms
Summary
Potential vulnerabilities have been identified in Adobe Flash Player 9.0.124.0 and earlier that could allow an attacker who successfully exploits these potential vulnerabilities to bypass Flash Player security controls. Adobe recommends users update to the most current version of Flash Player available for their platform. Due to the possibility that these security enhancements and changes may impact existing content, customers are advised to review this Adobe Developer Center article to determine if their content will be impacted, and to begin implementing necessary changes immediately to help ensure a seamless transition.
This update addresses the issue previously reported in Security Advisory APSA08-08. The Flash Player 10.0.12.36 and Flash Player 9.0.151.0 updates also address the issues outlined in Security Bulletins APSB08-20 and APSB08-22.
Revisions
November 17, 2008 – Bulletin updated with information on the AIR 1.5 update and Security Bulletin APSB08-22
November 5, 2008 – Bulletin updated with information on the Flash Player 9.0.151.0 update
October 15, 2008 – Bulletin first created
Affected software versions
Adobe Flash Player 9.0.124.0 and earlier.
To verify the Adobe Flash Player version number, access the About Flash Player page, or right-click on Flash content and select "About Adobe (or Macromedia) Flash Player" from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system.
Solution
Adobe recommends all users of Adobe Flash Player 9.0.124.0 and earlier versions upgrade to the newest version 10.0.12.36 by downloading it from the Player Download Center, or by using the auto-update mechanism within the product when prompted.
For users who cannot update to Flash Player 10, Adobe has developed a patched version of Flash Player 9, Flash Player 9.0.151.0, which can be downloaded from the following link.
Severity rating
Adobe categorizes this as a critical update and recommends affected users upgrade to version 10.0.12.36.
Details
Due to the possibility that these security enhancements and changes may impact existing content, customers are advised to review this Adobe Developer Connection article to determine if their content will be impacted, and to begin implementing necessary changes immediately to help ensure a seamless transition.
The Flash Player 10.0.12.36 and Flash Player 9.0.151.0 updates also address the issues outlined in Security Bulletins APSB08-20 and APSB08-22.
This update addresses a potential ‘Clickjacking’ issue in Flash Player. Clickjacking is an issue in multiple web browsers that can allow an attacker to lure a web browser user into unknowingly clicking on a link or dialog. This update helps prevent a Clickjacking attack on a Flash Player user’s camera and microphone. (CVE-2008-4503)
This update includes further changes to improve Flash Player’s interpretation of cross-domain policy files. These changes could help prevent privilege escalation attacks against web servers hosting Flash content and cross-domain policy files. For more information, see the following section of the “Adobe Flash Player 10 Security Changes” Adobe Developer Connection article. (CVE-2007-6243)
This update introduces functionality to further mitigate a potential port-scanning issue. For more information, see the following Adobe Developer Connection article. (CVE-2007-4324)
This update introduces changes to the Clipboard API that will prevent potential ‘Clipboard attacks’. For more information, see the following section of the "Adobe Flash Player 10 Security Changes" Adobe Developer Center article. (CVE-2008-3873)
This update introduces changes to the FileReference upload and download APIs to require user interaction. For more information, see the following section of the “Adobe Flash Player 10 Security Changes” Adobe Developer Connection article. (CVE-2008-4401)
| Affected software | Recommended player update | Availability |
| --- | --- | --- |
| Flash Player 9.0.124.0 and earlier | 10.0.12.36 | Player Download Center |
| Flash Player 9.0.124.0 and earlier - network distribution | 10.0.12.36 | Player Licensing |
| Flash Player 9.0.124.0 and earlier for Linux | 10.0.12.36 | Player Download Center |
| AIR 1.1 | AIR 1.5 | AIR Download Center |
| Flash CS4 Professional | 10.0.12.36 | Adobe Flash Player 10 Update for Flash CS4 Professional |
| Flex 3 | 10.0.12.36 | Flash Debug Player Updater |
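An added example, not part of Adobe's bulletin: a small triage script that classifies reported Flash Player versions against the fixed builds named above (9.0.151.0 and 10.0.12.36). The host names and sample inventory are constructed, the platform-prefixed comma form ("WIN 9,0,47,0") is an assumed input format, and treating every build below a branch's fixed build as needing the update is an assumption.

```python
import re

# Fixed builds named in the bulletin, keyed by major version.
FIXED = {9: (9, 0, 151, 0), 10: (10, 0, 12, 36)}

def parse_version(text):
    """Turn '9.0.124.0' or 'WIN 9,0,124,0' into a tuple of four ints."""
    m = re.search(r"(\d+)[.,](\d+)[.,](\d+)[.,](\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.groups())

def classify(text):
    """Classify one reported Flash Player version against this bulletin."""
    version = parse_version(text)
    major = version[0]
    if major > max(FIXED):
        return "not-covered"      # newer branch than the bulletin discusses
    if major not in FIXED:
        return "affected"         # pre-9 branch: "9.0.124.0 and earlier"
    # Assumption: any build below the branch's fixed build needs the update.
    # Tuples compare numerically; as strings, "9.0.47.0" > "9.0.124.0".
    return "patched" if version >= FIXED[major] else "affected"

def triage(inventory):
    """Map host -> status, for a {host: version string} inventory."""
    return {host: classify(ver) for host, ver in inventory.items()}

# Constructed sample inventory (hypothetical hosts, not from the bulletin).
SAMPLE = {
    "kiosk-01": "WIN 9,0,47,0",
    "desk-17": "9.0.124.0",
    "desk-22": "9.0.151.0",
    "lab-03": "LNX 10,0,12,36",
}

if __name__ == "__main__":
    for host, state in sorted(triage(SAMPLE).items()):
        print(f"{host:10} {SAMPLE[host]:16} {state}")
```

Comparing versions as integer tuples matters here: a plain string comparison ranks 9.0.47.0 above 9.0.124.0 and 9.x above 10.x, which would hide unpatched hosts.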
Acknowledgments
Adobe would like to thank Robert Hansen of SecTheory and Jeremiah Grossman of WhiteHat Security, Eduardo Vela, Matthew Mastracci of DotSpots, and Liu Die Yu of TopsecTianRongXin for reporting the Clickjacking vulnerability and for working with us to help protect our customers' security. (CVE-2008-4503)
Adobe would like to thank fukami of SektionEins for reporting the port-scanning issue. (CVE-2007-4324)