Archive for August, 2008

Clipboard attack

We are aware of recent press reports about a potential “Clipboard attack” issue that involves Flash Player. Adobe is currently investigating potential solutions to this issue and will update customers as soon as we have more information to provide.
This posting is provided “AS IS” with no warranties and confers no rights

Security Bulletin – Presenter

We have just released a Security Bulletin and update for Presenter to resolve potential cross-site scripting issues in content generated by Presenter. In addition to updating Presenter installations, customers may need to update any content previously deployed on their websites. Presenter 7 customers can update any deployed instances of viewer.swf and loadflash.js with the new files installed with the update. Presenter 6 customers will need to be more careful, as the new viewer.swf file may be incompatible with Presenter 6 content – so content may need to be re-generated.

Verifying Installers

We have seen coverage from the security community of a worm on popular social networking sites that is using social engineering lures to get users to install a piece of malware. According to the reports, the worm posts comments on these sites that include links to a fake site. If the link is followed, users are told they need to update their Flash Player. The installer, posted on a malicious site, of course installs malware instead of Flash Player.
We’d like to take this opportunity to reiterate the importance of validating installers and updates before installing them. First off, do not download Flash Player from a site other than adobe.com – you can find the link for downloading Flash Player here. This goes for any piece of software (Reader, Windows Media Player, QuickTime, etc.) – if you get a notice to update, it’s not a bad idea to go directly to the site of the software vendor and download the update directly from the source. If the download is from an unfamiliar URL or an IP address, you should be suspicious.
Second, all Adobe software for Windows is signed with a digital certificate that is validated by Windows when you install our software. The Publisher will always be ‘Adobe Systems, Incorporated’, and you can verify this when you double-click the installer, or by right-clicking on the installer, selecting ‘Properties’, and going to the ‘Digital Signatures’ tab.
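The same signature check can be scripted in PowerShell, for example before an installer is deployed to several machines. This is an added example, not Adobe's code: the function name Test-InstallerPublisher and the file path are hypothetical, and it assumes the signer name on the certificate is the publisher string given in this post.

```powershell
# Added example (not Adobe's code). Function name and file path are hypothetical.
function Test-InstallerPublisher {
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Publisher name as stated in this post.
        [string] $ExpectedPublisher = 'Adobe Systems, Incorporated'
    )

    $sig = Get-AuthenticodeSignature -FilePath $Path -ErrorAction Stop

    # 'Valid' means the file hash matches the signature and the certificate
    # chains to a root that Windows trusts. NotSigned, HashMismatch,
    # NotTrusted and every other status are treated as a failure.
    if ($sig.Status -ne 'Valid') {
        return [pscustomobject]@{
            Path      = $Path
            Trusted   = $false
            Publisher = $null
            Reason    = "Signature status is $($sig.Status): $($sig.StatusMessage)"
        }
    }

    # Simple name of the signing certificate's subject (normally its
    # common name), i.e. the signer name a user sees in the file properties.
    $nameType  = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $publisher = $sig.SignerCertificate.GetNameInfo($nameType, $false)

    # Whole-string match, not a substring test, so a validly signed file
    # whose signer name merely contains the expected text does not pass.
    $match = $publisher -eq $ExpectedPublisher
    if ($match) {
        $reason = 'Valid signature from the expected publisher'
    } else {
        $reason = "Valid signature, but the publisher is '$publisher'"
    }

    [pscustomobject]@{
        Path      = $Path
        Trusted   = $match
        Publisher = $publisher
        Reason    = $reason
    }
}

# Usage (hypothetical file name):
# Test-InstallerPublisher -Path "$env:USERPROFILE\Downloads\installer.exe"
```

A file is accepted only when both checks pass: a correct publisher name on a signature whose status is not Valid proves nothing, and a valid signature from a different publisher is not the software you meant to install.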
For Flash Player in particular, you can always go to this page to verify what version of Flash Player you have installed, and what the current version of Flash Player is for your Operating System. The current Flash Player version is 9.0.124.0.