Slashdot Mirror

← Back to Stories (view on slashdot.org)

Adobe Flash Exploit Could Log Keystrokes

Posted by CmdrTaco on from the i-thought-adobe-was-good-in-a-wreck dept.

Kenyon Lessi writes "Adobe has issued three critical security updates, one of which is designed to stop a problem in the way the Flash player interacts with browsers, which could result in users' keystrokes being transmitted to attackers. The problem affect Adobe Flash Player version 9.0.45.0, 8.0.34.0 and 7.0.69.0, as well as their earlier versions running on all platforms."

5 of 156 comments (clear)

  1. Great... by 6Yankee · · Score: 5, Funny

    ...and TFA has a Flash ad...

  2. Re:Can't trust 'em by also-rr · · Score: 5, Informative

    If you don't trust adobe you could always install the open source Flash plugin swfdec. It's come on a lot recently and now plays most things. Hopefully the heavy pace of development will continue - I'm seeing about 5 commits per day adding new stuff on the mailing list.

    --
    Think of the Children; Sleep with your Sister
  3. Re:Does it effect Flash Lite/Wii users? by EveryNickIsTaken · · Score: 5, Funny

    This therefore begs the question.. Can a keystroke logger also log waggles?

  4. Flash Player 9 is NOT affected by keystoke logging by Anonymous Coward · · Score: 5, Informative
    From the article: "In versions 7.0.69.0 and earlier running on Linux and Solaris, malicious attackers could exploit an error in the interaction between the Flash Player and certain browsers. That could potentially lead to a leaking of keystrokes to a Flash Player applet, Secunia noted. Flash Player 9 is not affected."

    Beautiful, but I guess this is slashdot and no one bothers to read the articles they submit. And yes, 9.0.45.0 still has a serious remote exploit flaw, but mixing these issues together is not the way to go.

  5. Re:Confusing Product Names by AKAImBatman · · Score: 5, Informative

    Shockwave was Macromedia's original online animation plugin. It is extremely feature-rich and quite fast at what it does. It's also quite large. So when a company called FutureWave created a much smaller vector-graphics competitor, Macromedia bought them out and renamed it "Shockwave Flash" to give the impression that Flash was a subset of their Shockwave technologies. (You'll notice that the Flash movie extension is "SWF". "ShockWave Flash")

    In reality, it was all just marketing BS. Flash had enough features to make animation authors (and later game developers) happy, so it quickly replaced the more heavyweight Shockwave. After the acquisition of Macromedia by Adobe, they stopped trying to maintain the charade and simply called it "Adobe Flash". There are still a few vestigial pieces of the software that refer to "Shockwave Flash", but they're slowly disappearing as time goes on.

    --
    Javascript + Nintendo DSi = DSiCade