Zero Day
Latest Post |
Last 10 Posts |
Archives
Previous Post: Apple turns to Google for Safari anti-phishing
Next Post: Anti fraud site hit by a DDoS attack
Adobe AIR hits 'critical' security turbulence
Posted in:
- Adobe
- Arbitrary Code Execution
- Browsers
- Data theft
- Exploit code
- Flash
- Java
- Malware
- Passwords
- Patch Watch
- Responsible disclosure
- Web 2.0
Buried in today's flurry of feel-good Adobe news is this less flattering nugget: Adobe AIR is vulnerable to several critical vulnerabilities that could expose users to code execution attacks.
The company released AIR 1.5 with fixes for previously discussed flaws in Flash Player (which is embedded into AIR) and a patch for a separate issue that allows the execution of untrusted JavaScript with elevated privileges.
As this bulletin explains, the issues are all remotely exploitable:
- A vulnerability has been identified in Adobe AIR 1.1 and earlier that could allow an attacker who successfully exploits this potential vulnerability to execute untrusted JavaScript with elevated privileges. An Adobe AIR application must load data from an untrusted source to trigger this potential vulnerability. In addition, AIR 1.5 includes a Flash Player update to resolve the critical issues outlined in Flash Player Security Bulletin APSB08-22, as well as issues included in Flash Player Security Bulletins APSB08-20 and APSB08-18. Adobe recommends AIR customers update to Adobe AIR 1.5. These issues are remotely exploitable.
Adobe recommends all users of Adobe AIR 1.1 and earlier versions upgrade to the newest version AIR 1.5 by downloading it from the AIR Download Center, or by using the auto-update mechanism within the product when prompted.
posted by Ryan Naraine
November 17, 2008 @ 1:59 pm
Previous Post: Apple turns to Google for Safari anti-phishing
Next Post: Anti fraud site hit by a DDoS attack
Last 10 posts:
more Posts (Archives)
WordPress Mobile Edition available at alexking.org.
powered by WordPress.
