James Delahunty
9 Apr 2008 23:35
Adobe's Flash Player is used to display graphics content on millions of websites around the world, as well as being one of the (if not "the") most used technologies to drive the Internet video revolution. As a result, it has support in a large number of browsers installed on users' machines, and so it is an attractive target for those who seek to deliver malware to your computer.
A term has even been coined to address the occurence and growth of malware being delivered to a users' PC through a flash advertisement; Malvertisement. It was a flash vulnerability that won Shane Macaulay a laptop at the PWN TO OWN convention when he successfully broke into a machine running Windows Vista.
"These vulnerabilities could be accessed through content delivered from a remote location via the user's web browser, e-mail client, or other applications that include or reference the Flash Player," Adobe wrote in its advisory, in which it classifies its patches as "critical".
Back in January of this year, Adobe and a group of related companies fixed their software to block malicious individuals from creating .SWF files that enabled cross-site scripting attacks.