Adobe pulls a fast one…
What a way to have immediate deployment of a new product…don’t patch your old products to fix a vulnerability, release a new one…
Security Bulletin for Flash Player and Security Advisory for Flash Professional CS3
The big news today is that CS4 has launched, along with Flash Player 10. We have released a Security Bulletin to correspond with the Flash Player 10 release. Flash Player 10 addresses Flash Player-specific aspects of the overall clickjacking issue that has been making news recently, and also includes a mitigation for recent clipboard attacks as well as other security enhancements. For customers who cannot upgrade to Flash Player 10, a Flash Player 9 update is currently scheduled for early November. We’ve also posted a Security Advisory for Flash Professional CS3, informing customers of potential issues with malformed SWF files. Note that Flash CS4, and Flash Player, are not vulnerable to these issues.
We’d like to thank Robert Hansen and Jeremiah Grossman once again for their help, and extend special thanks to Liu Die Yu of TopsecTianRongXin for working with us on the clickjacking issue.
Posted by David Lenoe on October 15, 2008 10:59 AM | Permalink