"Rosetta Flash" flaw makes Adobe Flash vulnerable to attacks
Adobe releases a new version of Flash Player. It allows to block an attack to steal login to sites and Web services.
Adobe published a security bulletin for Flash Player. In other words, it is necessary to update Flash Player to fix critical vulnerabilities. Three problems were identified.
Internet Explorer 10 and 11 on Windows 8 and 8.1, the updated Flash Player is included in the Microsoft Patch Tuesday. For Windows and OS X, Flash Player for Google Chrome is automatically updated (note that this does not require an update of the browser itself).
In other cases, it is possible to know the version of Flash Player by visiting this page to proceed to the appropriate update. For Windows and OS X, the latest version of Flash Player is 184.108.40.206 and 220.127.116.114 for Linux.
The vulnerabilities addressed in Flash Player allow circumvention of security for both of them. For the third, Adobe has provided additional validation checks to ensure that Flash Player rejects malicious content.
Engineer information security at Google, Michele Spagnuolo has revealed the third vulnerability and provides a tool called Rosetta Flash. It can convert Flash files with the .SWF into a SWF file valid only when consisted of alphanumeric characters and allowing an individual to use web attacks (via sites that accept bets online with SWF files).
According to Michel Spagnuolo, several popular sites were vulnerable including Google websites, YouTube, Twitter, Instagram, eBay, Tumblr. All were warned before the publication of the researcher and the fault was first communicated confidentially to Adobe.
|Tags: adobe, adobe flash, flash player, rosetta flash|
|Thread Tools||Search this Thread|
|Similar Threads for: ""Rosetta Flash" flaw makes Adobe Flash vulnerable to attacks"|
|Thread||Thread Starter||Forum||Replies||Last Post|
|Cant get latest adobe flash player update, screen shows "blocked plug-in"||AM-Anthony||Windows Software||2||06-09-2012 10:47 AM|
|Adobe flash player error "Can't open application because it is not supported on this architecture" on Mac mini||Romani||Windows Software||2||30-05-2012 01:41 PM|
|How to fix "this video is not optimized for mobile" error using adobe flash player 10||Robert Beck||Windows Software||5||24-07-2011 10:21 AM|
|Can?t play youtube video, get message "upgrade adobe flash player"||Abrienne||Technology & Internet||4||08-02-2011 08:01 PM|
|Error : "the application adobe flash has unexpectedly quit"||geokilla||Windows Software||3||17-11-2009 01:16 PM|