Adobe Flash Player的佔有率在瀏覽器上不分作業系統
佔有率高達98%,這個佔有率比Windows所有版本的佔有率都要來的高!
這個漏洞危險性不高,主要是被發現透過某些方法可以繞過Flash Player的安全限制
影響的範圍為所有的Flash Player V9.X的版本
1) An error while enforcing cross-domain policy files can be exploited to bypass certain security restrictions.
This is related to vulnerability #4 in:
SA28161
2) An ActionScript implementation error can be exploited to determine if a port on a remote host is opened or closed.
This is related to vulnerability #8 in:
SA28161
3) The problem is that the "FileReference.browse()" and "FileReference.download()" methods can be called without user interaction and can potentially be used to trick a user into downloading or uploading files.
要修正這個安全漏洞只需要將Flash Player更新至前不久才發佈的Flash Player V10
沒有留言:
張貼留言