  1. #1


    Flash Player 9 beta for Linux

    Adobe on Wednesday released a beta of Flash Player 9 for Linux and said that it is working on 64-bit editions of Flash.

    The final Flash Player 9 on Linux is due early next year. According to an FAQ put out by Adobe, the Linux version will support the same features as Flash on Macintosh and Windows.

    The beta of Flash Player 9 for Linux supports most of the features except a full-screen mode and support for SSL (secure sockets layer) encryption.

    The company declined to indicate when the final version of future 64-bit versions will be available.

    People can develop applications using Adobe's Flex 2 software developer's kit, and those Flash programs will run on Windows, Macintosh or Linux, according to Adobe.

  2. #2


    Re: Flash Player 9 beta for Linux

    Doh!

    Two vulnerabilities have been found in Adobe Flash Player version 7.0.63 for Linux -- as well as earlier versions -- that provide an opportunity for attackers to send arbitrary HTTP requests from an unsuspecting user's browser, reports Rapid7 LLC in a security advisory published Tuesday.

    These vulnerabilities could be used in concert with cross-site request forgery (CSRF) vulnerabilities to steal cookies or other private information, Rapid7 said. The exploits can be carried out through the vulnerabilities when Flash 7.0.63 is used with Firefox for Linux.

    The two vulnerabilities reported are as follows:

    * XML.addRequestHeader() Vulnerability -- The addRequestHeader() method insufficiently secures itself, providing a way around a security restriction that does not permit developers to use addRequestHeader() to set headers such as Host, Referer or Content-Length. As a result, it is possible to inject arbitrary headers with HTTP requests. The Rapid7 security paper points out that this vulnerability is similar to other, previously-reported vulnerabilities in Adobe Flash 7 and 8.

    * XML.contentType Vulnerability -- The XML.contentType attribute contains the same vulnerability found in addRequestHeader(), and it can be exploited in the same way because Adobe Flash does not check the validity of the attribute's value before building the HTTP request.

    According to Rapid7, Adobe was notified of the vulnerabilities but has not yet released a fix or upgrade to Adobe Flash Player. To protect from the risk of attack, Rapid7 offers these solutions in the interim:

    * Only allow trusted Websites to use Flash
    * Use alternative Flash Plugins (GplFlash, Gnash)
    * Uninstall Adobe Flash Player

    According to Adobe, there are 700 million Adobe Flash users worldwide.

    Rapid7 was founded in 1999 by a team of software industry veterans who were major contributors to product development at Percussion Software, Bond Technologies, and Stride & Associates.
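
Added example, not part of the original post or of the Rapid7 advisory: a JavaScript sketch of the check the post says was missing, rejecting restricted header names and validating the content type before a request is built. The post does not describe the bypass mechanism, so the rejected input shapes (case variants, embedded line breaks) and the names `checkHeader` and `buildHeaders` are assumptions.

```javascript
// Headers the post names as restricted; a real list would be longer (assumption).
const FORBIDDEN = new Set(['host', 'referer', 'content-length']);

// RFC 7230 "token" characters: the only bytes allowed in a header field name.
const TOKEN = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;
// CR, LF, NUL and other control characters (tab excepted) must never reach the wire.
const BAD_VALUE = /[\x00-\x08\x0a-\x1f\x7f]/;

// Returns null when the field is acceptable, otherwise a short reason string.
function checkHeader(name, value) {
  if (typeof name !== 'string' || typeof value !== 'string') return 'not a string';
  if (!TOKEN.test(name)) return 'invalid header name';
  // Compare case-insensitively so "HOST" is treated the same as "Host".
  if (FORBIDDEN.has(name.toLowerCase())) return 'restricted header';
  if (BAD_VALUE.test(value)) return 'control character in value';
  return null;
}

// Builds the header block only if every caller-supplied field passes.
// contentType gets the same check as any other value, since the post lists
// it as the second unchecked path into the request.
function buildHeaders(contentType, extra) {
  const out = [];
  const fields = [['Content-Type', contentType], ...extra];
  for (const [name, value] of fields) {
    const problem = checkHeader(name, value);
    if (problem) throw new Error(`${problem}: ${JSON.stringify(name)}`);
    out.push(`${name}: ${value}`);
  }
  return out.join('\r\n') + '\r\n';
}

// Constructed sample inputs, not taken from the advisory.
const samples = [
  ['X-Requested-With', 'app'],          // acceptable
  ['HOST', 'other.example'],            // case variant of a restricted name
  ['X-Note', 'a\r\nReferer: forged'],   // line break inside a value
  ['X-Note\r\nHost', 'other.example'],  // line break inside a name
];
for (const [n, v] of samples) {
  console.log(JSON.stringify(n), '->', checkHeader(n, v) || 'ok');
}
```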
