Flash exploits could be a keylogger


Adobe has issued 3 critical system updates for its popular Flash program, one of which is designed to fix a problem in the way Flash interacts with browsers that could result in users’ keystrokes being transmitted to an attacker.

Adobe Flash Player versions 9.0.45.0, 8.0.34.0 and 7.0.69.0, and all previous versions running on all operating systems, are affected. According to Secunia, “An input validation error can be exploited to execute arbitrary code when a user e.g. visits a malicious website.” This problem affects version 9.0.45.0 and earlier.

In Flash Player version 7.0.69.0 and earlier running on Solaris or Linux, attackers could exploit the interaction between the player and certain browsers. This could potentially lead to keystrokes being leaked from the player. Version 9 is not affected.

Flash Player version 8.0.34.0 and earlier contains a bug caused by insufficient validation of the HTTP referrer, which can be used to carry out a cross-site request forgery attack. Flash version 9 is not affected.

Adobe recommends that people upgrade to Version 9.0.37.0 for Windows and Macs and 9.0.38.0 for Linux and Solaris. For the other two, Adobe has recommended that people upgrade to Flash Player 9.