Adobe patches serious security bugs in Flash Player

Adobe recommends that application users quickly install a newly released update for the Flash Player application to avoid becoming a victim of denial-of-service attacks.

This bug in Adobe's Flash Player fixes this time involves Flash Remoting - a Flash-based server service application. An attacker can use some form of Flash Remoting code to send control commands to the ColdFusion server to trigger a continuous process of continuous execution.

In this case if the server does not restore the application control, the attacker will take advantage of it to illegally hack and organize a denial of service attack.

Not only that, but Adobe's experts also discovered a number of templates (templates) ColdFusion Markup Language (CFML) that is allowed to run outside of Sandbox - a separate protection area for user-level applications - can be remotely loved Bridge executes ColdFusion components within the Sandbox.

To exploit this security vulnerability an attacker needs to create a malicious Flash SWF object and download it to Flash Player or the user's browser. However, Adobe has not yet discovered such a malicious Flash object.

But according to the "tradition" maybe such malicious codes will quickly be distributed on the Internet. Users should quickly install security updates.

Hoang Dung