Skip navigation

Flash Player Contains Several Vulnerabilities

Adobe released an update for its Flash Player, versions 9.0.115.0 and earlier. The company said that several critical security problems were discovered.

The problems include the possibility of conducting DNS rebinding attacks, execution of arbitrary code, input validation errors, and an issue with interpreting cross-domain policies. Many of the problems were first brought to light in December 2007.

The security enhancements introduced by the update could affect existing Flash content, possibly rendering it inoperable unless necessary changes are made. According to a document published by Adobe, network-enabled Flash content might need to be adjusted to work properly. The new player introduces the use of socket master policy files, socket meta-policies, and strict socket rules. Formerly socket policies were optional, but with this latest update socket policies become mandatory.

The Flash Player update is available at Adobe's Web site. The company also maintains a Flash version checker Web page that can help determine what version of Flash is installed in a given browser.

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish