Accessibility

Security advisory

Flash Player workaround available for "Clickjacking" issue

Release date: October 7, 2008

Vulnerability identifier: APSA08-08

Platform: All Platforms

Summary

Adobe is aware of recently published reports of a ‘Clickjacking’ issue in multiple web browsers that could allow an attacker to lure a web browser user into unknowingly clicking on a link or dialog. It has been determined that this potential ‘Clickjacking’ issue affects Adobe Flash Player. Adobe recommends customers updgrade to the newest version 10.0.12.36. More information can be found in Security Bulletin APSB08-18.

For users who cannot update to Flash Player 10, Adobe has developed a patched version of Flash Player 9, Flash Player 9.0.151.0, which can be downloaded from the following link.

Affected Software

Adobe Flash Player 9.0.124.0 and earlier

Solution

Adobe recommends all users of Adobe Flash Player 9.0.124.0 and earlier versions upgrade to the newest version 10.0.12.36 by downloading it from the Player Download Center, or by using the auto-update mechanism within the product when prompted. More information can be found in Security Bulletin APSB08-18.

Severity Rating

Adobe categorizes this as a critical issue.

Acknowledgments

Adobe would like to thank Robert Hansen of SecTheory and Jeremiah Grossman of WhiteHat Security, Eduardo Vela, Matthew Mastracci of DotSpots, and Liu Die Yu of TopsecTianRongXin for reporting this vulnerability and for working with us to help protect our customers' security.

Revisions

November 5, 2008 – Advisory updated with information on Flash Player 9.0.151.0 update
October 15, 2008 – Advisory updated with information on Security Bulletin APSB08-18
October 7, 2008 – Advisory first created