Η Adobe released security updates to address major vulnerabilities in Adobe Flash Player 12.0.0.70 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.341 and earlier for Linux.
New version intends to address the following vulnerabilities in Adobe Flash Player:
- CVE-2014-0503: reported by security researcher "Masato Kinugawa", which allows attackers to bypass the policy of origin.
Attackers can exploit this issue in order to gain access from resources of another origin, in the context of another domain. This can make it easier attacks of fake requests cross-site.
- CVE-2014-0504: reported by "Jordan Milne", which could be used to read the contents of the clipboard. "Clipboard" is used for storage data, such as text and images, but the bug could allow hackers to fill it with malicious URLs.
Source: iguru.gr