A slight variation of a previously designed clickjacking attack that used a Adobe Flash vulnerability has once again made it possible for website administrators to surreptitiously spy on their visitors by turning on the user's computer webcam and microphone.
There's a new Mac OS X Trojan in town, and it masquerades as a FlashPlayer.pkg installer, warns F-Secure.
Critical vulnerabilities have been identified in Adobe Flash Media Server (FMS) 4.0 and earlier versions, Adobe Flash Media Server (FMS) 3.5.4 and earlier versions, and Adobe Flash Media Server (FMS) 3.0.5 and earlier versions for Windows and Linux. One of the vulnerabilities could allow an attacker, who successfully exploits the vulnerability, to run malicious code on the affected system.
Critical vulnerabilities have been identified in Adobe Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, Linux, and Solaris, and Adobe Flash Player 10.1.95.1 for Android. These vulnerabilities, including CVE-2010-3654 referenced in Security Advisory APSA10-05, could cause the application to crash and could potentially allow an attacker to take control of the affected system. Adobe recommends users of Adobe Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, Linux, and Solaris update to Adobe Flash Player 10.1.102.64.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.