Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
Adobe issued a Flash Player update that quashes a number of critical security flaws and introduces an easier way for users to delete Flash cookies.
The update to Flash Player 10.3 integrates with various web browsers to allow users to manage and delete Flash Player local storage, also known as local shared objects (LSOs) or Flash cookies.
Much like browser cookies, Flash cookies are a mechanism to store information about a user's preferences for websites that use Adobe Flash.
Researchers have warned since 2009 that some websites and advertising networks abuse Flash cookies to restore browser cookies after they have been deleted by a user, a process known as “browser cookie respawning, which effectively bypasses users' efforts to avoid being tracked online.
Flash Player 10.3 mitigates this privacy issue with the inclusion of a new API, called ClearSiteData NPAPI, which allows supported web browsers to communicate a user's preference to wipe data stored by Flash Player. As a result, users will be able to clear both browser and Flash cookies from their web browser settings menu.
Previously, users were able to delete Flash cookies, but it could not be done through a web browser and the process was not user-friendly, Adobe senior manager Wiebke Lips said..
The new functionality is already supported on Internet Explorer 8 and 9 and Mozilla Firefox.
It is currently in the beta channel for Google Chrome and is expected to be available for Apple Safari in a future release.
We applaud the change,” Internet Explorer program manager Andy Zeigler wrote in a blog post. “It resolves a longstanding privacy issue.
The Flash Player update also includes fixes for several critical vulnerabilities which could cause an application to crash to potentially allow an attacker to take control of an affected system, Adobe said.
The update, available for Flash Player for Windows, Mac, Linux and Solaris operating systems, as well as Google's Chrome web browser and Android mobile operating system, fixes 11 security vulnerabilities in total.
Adobe has identified malware in the wild that is attempting to exploit one of the memory corruption flaws via a Flash file embedded in a Microsoft Word or Excel file delivered as an email attachment.
The company said it has not, however, come across a sample that successfully completes the attack.
The update also includes a new auto-update notification mechanism for Apple's Mac OS X.
This article originally appeared at scmagazineus.com
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.