• Your favorite

    Apple

    ,

    iPhone

    ,

    iPad

    ,

    iOS

    ,
    Jailbreak
    , and
    Cydia
    site.
  • Adobe Issues a Fix for a Flash Vulnerability That Could Allow Browser Data to be Stolen


    A well-known vulnerability in Adobe’s Flash player which allows malicious users to steal browser data, including cookies, on Macs, PCs and Linux machines has recently been exploited for the first time, prompting Adobe to issue a patch and urge users to upgrade their system as soon as possible. According to Adobe, Flash Player version 14.0.0.125 and earlier for Mac and Windows version 11.2.202.378 and earlier for Linux suffer from the bug. Mac and Windows users should update to version 14.0.0.145 while Linux users should update to version 11.2.202.394.

    The flaw relies on specially-crafted SWF files that consist entirely of alphanumeric characters which will be executed by Flash Player even though they aren’t valid Flash files. The malicious files can take advantage of the special privileges granted to embedded objects on the web page, making cross-domain requests on behalf of a user an capturing returned data. In addition to the end-user migration, website owners can patch the vulnerability, assigned CVE identifier CVE-2014-4671, on their end with one of a number of fixes identified by Google engineer Michele Spagnuolo.

    Those of you who want to check the version of Flash installed on your system can do so by visiting Adobe’s About Flash Player page or by right-clicking on Flash content in your browser and choosing “About Adobe (or Macromedia) Flash Player” from the contextual menu.

    Source: Adobe (Help), Michele Spagnuolo (blog)
    This article was originally published in forum thread: Adobe Issues a Fix for a Flash Vulnerability That Could Allow Browser Data to be Stolen started by Akshay Masand View original post