Unpatchable Flash Flaw Puts Users, Sites At Risk
Source: Tom's Guide US | Keywords: Flash, ActionScript, Security, Adobe, Exploit | Themes: The Internet, Software
There's a serious security hole in Adobe Flash that can't be patched.
Is the Internet a safer place thanks to the insane wash of Adobe Flash websites littering the Web? That's a firm negative. In fact, thanks to a recent revelation of an un-patchable security flaw in Flash, the Internet seems even more dangerous. With that said, surfers should be wary of sites that allow users to upload content.
According to Macworld, hackers can exploit a flaw in Flash that can compromise websites such as Google's Gmail, YouTube, and Flickr. Once the hackers breach the website, they can then launch silent attacks on visitors. Evidently, the problem resides in the Flash ActionScript same-origin policy. Hackers can upload malicious Flash objects to a site and have their scripts execute in the context of that site's domain.
Mike Murray, the chief information security officer at Orlando, Fla.-based Foreground Security, said that the magnitude of the problem is huge. "Any site that allows user-uploadable content is vulnerable, and most are not configured to prevent this," he said.
Mike Bailey, a senior security researcher at Foreground, demonstrated today how a hacker can compromise a website using the Flash exploit. Unfortunately, Adobe informed Foreground that the flaw is "unpatchable." The company is now attempting to rectify the situation by advising site administrators on how to patch the security hole on their end.
So far, Adobe isn't having any success, but Windows Live Hotmail and YouTube have figured out how to solve the problem on their own.
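What a site-side check for the problem described above could look like, as an added example that is not from the article, Adobe or Foreground: it inspects an upload's leading bytes for an SWF header instead of trusting its name or declared type, and refuses to serve user content from the application's own host. The function names, host names and the refuse-and-serve-as-attachment policy are assumptions made for illustration.

```python
import re

# SWF files start with one of these 3-byte signatures, then a 1-byte version.
SWF_SIGNATURES = (b"FWS", b"CWS", b"ZWS")  # uncompressed, zlib, LZMA


def looks_like_swf(data: bytes) -> bool:
    """True if the bytes carry an SWF header, whatever the file is named."""
    return len(data) >= 8 and data[:3] in SWF_SIGNATURES and data[3] != 0


def review_upload(filename, declared_type, data, app_host, content_host):
    """Return (accepted, reason, response_headers) for one user upload.

    Assumed policy (hypothetical, not from the article): refuse Flash content
    outright, and serve everything else as a download from a separate host.
    """
    if looks_like_swf(data):
        return False, f"SWF content uploaded as {declared_type}", {}
    if content_host.lower() == app_host.lower():
        return False, "uploads would share the application's origin", {}
    # Keep only harmless characters so the name cannot break the header.
    safe_name = re.sub(r"[^A-Za-z0-9._-]", "_", filename)
    headers = {
        "Content-Type": declared_type,
        "Content-Disposition": f'attachment; filename="{safe_name}"',
    }
    return True, f"serve from {content_host}", headers


# Constructed sample inputs: a PNG signature, and an SWF header named as a JPEG.
PNG_BYTES = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
SWF_AS_JPEG = b"CWS" + bytes([9]) + (4096).to_bytes(4, "little") + b"\x78\x9c"

if __name__ == "__main__":
    for name, ctype, body in [("cat.png", "image/png", PNG_BYTES),
                              ("holiday.jpg", "image/jpeg", SWF_AS_JPEG)]:
        print(name, review_upload(name, ctype, body,
                                  "www.example.test", "usercontent.example.test"))
```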
What about Gmail?
Why doesn't Youtube/Windows live just tell them?
Youtube is owned by Google, no? So won't Gmail be patched too?
"According to Macworld, hackers can exploit a flaw in Flash..."
I stopped taking this seriously at this line.
What next?
"According to Macworld, pedophiles can prey on children who own Windows PCs..."
I read up a bit on this and it is an easily traceable hole. Sure hackers can exploit it, but it's not a very serious threat. Seriously, Apple fails again.
Adobe needs to get a handle on their products. It just seems to be an endless stream of security flaws that come to light.
"According to Macworld, hackers can exploit a flaw in Flash..." I stopped taking this seriously at this line. What next? "According to Macworld, pedophiles can prey on children who own Windows PCs..." I read up a bit on this and it is an easily traceable hole. Sure hackers can exploit it, but it's not a very serious threat. Seriously, Apple fails again.
This!
Even /. comments from anonymous cowards are more credible for "exploits" than a mac site. I've also noticed a lot more tech news being picked up there. Maybe you guys should be expanding your parrot reporting skills.
http://news.slashdot.org/story/09/ [...] orthcoming
I've seen this going on at myspace for ages.
!error! userrrr
Start using Silverlight.
ouch.
Maybe they'll fix this when they FINALLY COME OUT WITH FREAKIN 64 BIT FLASH!
>.>
Maybe they'll fix this when they FINALLY COME OUT WITH FREAKIN 64 BIT FLASH! >.>
We could only wish...
I have a love/hate relationship with flash. I love what it can do (vector art/animation, video player, games), but I hate when it's abused (flash ads, security problems)
Flash ads should be banned from the Internet. Then again, that is one of those situations where we can only wish.
Flash is a disease that has infected all major websites and needs to be eradicated. Bring on HTML5!
Seriously I'm not surprised. Flash has been taken up by 1 year old programmers (1 year out of vocational school, that is) as an easy way to call yourself a programmer and sell your worthless skills. Imagine the Windows OS becoming popular among Mac users. That's Flash.
p.s. blame the spelling/grammar the flask of scotch
Hmm...
As a programmer, I can say that the "security flaw" that is exposed here is inherent in *any* client side programming techniques available for world wide web, be it ajax or flash or silverlight or whatever.
The client side application/applet/script/scriptlet trusts the server that they were originated from. That's perfectly logical.
You can think about it this way: You're the embassy personnel sent from your country to another country. Then with some coup d'etat the government is overthrown in your home country and a military junta is ruling there. You will obey exactly what your new government says.
Ban Flash, we don't need the resource hogging advertisement platform.
Strange.
Why did I get a thumbs down?
If I am mistaken, please write it down. So that I can also learn about the mistake I made.
Flash is a disease that has infected all major websites and needs to be eradicated. Bring on HTML5!
because that won't have any security holes? it's not like, "it's not 'java' or 'flash' it's just simple old html, what could possibly go wrong?" if it's become as sophisticated as flash or java, it will have the same problems. more so if it's new.
also, that's an awesome pic!
because that won't have any security holes?
My post was not in reference to the security holes, it was a general reference to the shockingly overused, poor performing, bandwidth-heavy bloatware that is Flash. I am honestly tired of waiting for sites built with large amounts of Flash to load. I don't go to a site to see a loading percentage, I go there for information. If I am made to wait for it to load pretty graphics that make usability appalling, I will go elsewhere.
This is why Flash doesn't run on my computer.