updated 09:20 am EST, Fri November 7, 2008
Flash Player 18.104.22.168
Adobe has quietly released an update for Flash Player 9, the last-generation version of its web animation technology. Despite the existence of Flash 10, the company has discovered six security vulnerabilities in the older software, which is still used by a number of people. Some issues addressed in the v22.214.171.124 patch include cross-site scripting vulnerabilities, and the possibility of DNS rebinding attacks.
DNS rebinding is said to be particularly dangerous, as it can let attacks bypass firewalls and engage in IP hijacking. Also fixed by the update is a problem with Mozilla-based browsers, in which a Flash interpretation of the "jar:" protocol could leak sensitive information. Mozilla itself has in the past issued fixes to Firefox relating to the protocol.