Go Back   TechArena Community > ARENA > Web News & Trends
Become a Member!
Forgot your username/password?
Tags Active Topics RSS Search Mark Forums Read

Reply
 
Thread Tools Search this Thread
  #1  
Old 09-07-2014
Member
 
Join Date: May 2008
Posts: 388
"Rosetta Flash" flaw makes Adobe Flash vulnerable to attacks

Adobe releases a new version of Flash Player. It allows to block an attack to steal login to sites and Web services.

Adobe published a security bulletin for Flash Player. In other words, it is necessary to update Flash Player to fix critical vulnerabilities. Three problems were identified.

Internet Explorer 10 and 11 on Windows 8 and 8.1, the updated Flash Player is included in the Microsoft Patch Tuesday. For Windows and OS X, Flash Player for Google Chrome is automatically updated (note that this does not require an update of the browser itself).

In other cases, it is possible to know the version of Flash Player by visiting this page to proceed to the appropriate update. For Windows and OS X, the latest version of Flash Player is 14.0.0.145 and 11.2.202.394 for Linux.

The vulnerabilities addressed in Flash Player allow circumvention of security for both of them. For the third, Adobe has provided additional validation checks to ensure that Flash Player rejects malicious content.

Rosetta ascii

Engineer information security at Google, Michele Spagnuolo has revealed the third vulnerability and provides a tool called Rosetta Flash. It can convert Flash files with the .SWF into a SWF file valid only when consisted of alphanumeric characters and allowing an individual to use web attacks (via sites that accept bets online with SWF files).

According to Michel Spagnuolo, several popular sites were vulnerable including Google websites, YouTube, Twitter, Instagram, eBay, Tumblr. All were warned before the publication of the researcher and the fault was first communicated confidentially to Adobe.
Reply With Quote
Reply

  TechArena Community > ARENA > Web News & Trends
Tags: , , ,



Thread Tools Search this Thread
Search this Thread:

Advanced Search


Similar Threads for: ""Rosetta Flash" flaw makes Adobe Flash vulnerable to attacks"
Thread Thread Starter Forum Replies Last Post
Cant get latest adobe flash player update, screen shows "blocked plug-in" AM-Anthony Windows Software 2 06-09-2012 10:47 AM
Adobe flash player error "Can't open application because it is not supported on this architecture" on Mac mini Romani Windows Software 2 30-05-2012 01:41 PM
How to fix "this video is not optimized for mobile" error using adobe flash player 10 Robert Beck Windows Software 5 24-07-2011 10:21 AM
Can?t play youtube video, get message "upgrade adobe flash player" Abrienne Technology & Internet 4 08-02-2011 08:01 PM
Error : "the application adobe flash has unexpectedly quit" geokilla Windows Software 3 17-11-2009 01:16 PM


All times are GMT +5.5. The time now is 03:35 PM.