2009
2008
Adobe - Security Advisories : APSB08-18: Flash Player update available to address security vulnerabilities
by marco (via)
Adobe categorizes this as a critical update and recommends affected users upgrade to version 10.0.12.
Adobe Flash ads launching clipboard hijack attack
by marco
In the Web attacks, which target Mac, Windows and Linux users running Firefox, IE and Safari, hackers are seizing control of the machine’s clipboard and using a hard-to-delete URL that points to a fake anti-virus program
upnp/flash vulnerability
by marco
Flash lets you set arbitrary HTTP headers and POST to arbitrary hosts. Flash is just needed to set the SOAP header.
Jeremiah Grossman: New Flash XSS technique (thousands of websites at risk)
by mbertier (via)
- Move Flash files to a secondary domain – just as is recommended with all third-party / user generated / untrusted content. This solution has promise as it sets up some domain barriers in the event a vulnerable Flash file shows up linked from your website.
2007
2006
Security Changes in Macromedia Flash Player 7
by marco & 1 other
sendandload HTTPS : If a non-HTTPS server serves the movie, but the movie downloads data from an HTTPS server - add the secure="false" attribute to your allow-access-from tag
2005
1
(16 marks)
