Adobe has issued a critical level security alert for its Flash software.

 

The alert is in regard to a practise called clickjacking, where a web page is subverted so that when a visitor clicks on a link they are redirected to a site the hacker wants them to see.

 

Jeremiah Grossman, co-founder of Whitehat Security, and one of the researchers who uncovered the technique, said: “Let's be clear. The responsibility of solving clickjacking does not rest solely at the feet of Adobe as there is a ton of moving parts to consider.

 

“Everyone including browser vendors, Adobe (plus other plug-in vendors), website owners (framebusting code) and web users (NoScript) all need their own solutions in case the others don't do enough or anything at all.”

 

The Adobe Flash Player 9.0.124.0 and earlier are affected by the attack, though Adobe is working to address this issue in an upcoming update to Flash Player. Grossman warned that almost all browsers are vulnerable because of the way they process graphics, and only text-based browsers like Lynx are secure.