Thursday, February 11, 2010

New Flash player vulnerability, v10.0.45.2 released

Quoting Adobe Security Bulletin,
a critical vulnerability has been identified in Adobe Flash Player version and earlier. This vulnerability (CVE-2010-0186) could subvert the domain sandbox and make unauthorized cross-domain requests.
Adobe recommends users of Adobe Flash Player and earlier versions update to Adobe Flash Player

I think this translates to "any website with a malicious Flash object can make requests to websites with private information such as email, bank accounts, etc." I might be wrong. But unauthorized cross-domain requests are not good. At least the vulnerability does not allow arbitrary code execution, but these days, if you can take over the browser, you are almost as good as taking over the machine itself.

Secbrowsing points to version