Thursday, October 16, 2008

Adobe Releases Flash Player 10 to Address Security Vulnerabilities (Clickjacking)

Adobe Systems has released a new version of its Flash Player software. This version includes a fix for the critical security bug that allowed hackers to hijack your browser in what's come to be known as a clickjacking attack.

On Oct 15, 2008 Adobe released a Security advisory called Flash Player update available to address security vulnerabilities that announced the availability of new Flash Player 10 software. The advisory states in part:

Summary
Potential vulnerabilities have been identified in Adobe Flash Player 9.0.124.0 and earlier that could allow an attacker who successfully exploits these potential vulnerabilities to bypass Flash Player security controls. Adobe recommends users update to the most current version of Flash Player available for their platform.


Affected software versions
Adobe Flash Player 9.0.124.0 and earlier.


Severity rating
Adobe categorizes this as a
critical update and recommends affected users upgrade to version 10.0.12.36.

Action Required: Ag IT recommends that you update the Adobe Flash Player on your Enterprise machine to mitigate the effects of clickjacking.
  1. To verify the Adobe Flash Player version number, you can visit the About Flash Player page. If this version is Flash Player 9.0.124.0 and earlier, please complete the remaining steps.
  2. To update to current Adobe Flash Player version, go to the Player Download Center.
  3. Click Agree and install now.
  4. Follow on-screen steps to install.
  5. When the installation completes, you should see the current version of Flash Player displayed on the screen.

Note: If you use multiple browsers, perform the check for each browser you have installed on your computer.

No comments: