Adobe addresses Flash Player 'clickjacking' flaw
Flash Player 10 update addresses flaws enabling attackers to fool users into visiting malicious Web sites. It also helps prevent attacks on Webcams and microphones.
Adobe Systems has addressed a security flaw in its Flash Player products that could lead to 'clickjacking' attacks.
, includes a fix for the clickjacking vulnerability published by researchers Jeremiah Grossman and Robert Hansen earlier this month.
"Flash Player 10 addresses Flash Player-specific aspects of the overall clickjacking issue," Adobe product security program manager David Lenoe wrote in a blog post Wednesday.
The Flash Player 10 update also helps prevent a, according to an Adobe security advisory. This variant of the attack could allow eavesdropping.
The update contains four more security fixes, including a mitigation against clipboard attacks and a fix for a port-scanning issue. For customers who cannot upgrade to Flash Player 10, a Flash Player 9 update is currently scheduled for early November, according to the advisory.
On Wednesday, Adobe also published a security advisory for Flash Creative Suite 3 Professional, warning of a potential flaw that allows an attack using malformed SWF files. Flash Creative Suite 4, released on Wednesday, and Flash Player products, are not affected by this issue.
Tom Espiner of ZDNet UK reported from London.