
Unpatchable Flash Flaw Puts Users, Sites At Risk

Is the Internet a safer place thanks to the insane wash of Adobe Flash websites littering the Web? That's a firm negative. In fact, thanks to a recent revelation of an un-patchable security flaw in Flash, the Internet seems even more dangerous. With that said, surfers should be wary of sites that allow users to upload content.

According to Macworld, hackers can exploit a flaw in Flash that can compromise websites such as Google's Gmail, YouTube, and Flickr. Once the hackers breach the website, they can then launch silent attacks on visitors. Evidently, the problem resides in the Flash ActionScript same-origin policy. Hackers can upload malicious Flash objects and execute scripts in the context of that domain.

Mike Murray, the chief information security officer at Orlando, Fla.-based Foreground Security, said that the magnitude of the problem is huge. "Any site that allows user-uploadable content is vulnerable, and most are not configured to prevent this," he said.

Mike Bailey, a senior security researcher at Foreground, demonstrated today how a hacker can compromise a website using the Flash exploit. Unfortunately, Adobe informed Foreground that the flaw is "unpatchable." The company is now attempting to rectify the situation by addressing site administrators on how to patch the security hole on their end.

So far, Adobe isn't having any success, but Windows Live Hotmail and YouTube have figured out how to solve the problem on their own.
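Because the attack starts with a Flash object arriving through an upload form, a site can inspect uploaded bytes for a Flash (SWF) header instead of trusting the file name. The sketch below is an added example, not code from the article, Adobe or Foreground; the no-Flash-uploads policy, the function names and the sample uploads are assumptions made for illustration.

```python
import struct

# SWF signatures: FWS = uncompressed, CWS = zlib-compressed, ZWS = LZMA-compressed.
SWF_SIGNATURES = (b"FWS", b"CWS", b"ZWS")
FLASH_MIME = "application/x-shockwave-flash"


def parse_swf_header(data):
    """Return (signature, version, declared_length) if data starts with an
    SWF header, otherwise None. The header is 3 signature bytes, 1 version
    byte and a 4-byte little-endian file length."""
    if len(data) < 8 or data[:3] not in SWF_SIGNATURES:
        return None
    version = data[3]
    (declared_length,) = struct.unpack_from("<I", data, 4)
    return data[:3].decode("ascii"), version, declared_length


def review_upload(filename, declared_type, data):
    """Assumed policy: this site accepts no Flash uploads. Decide on the
    bytes themselves, because the name and Content-Type are attacker-chosen."""
    header = parse_swf_header(data)
    if header is None:
        return "accept"
    looks_like_flash = (filename.lower().endswith(".swf")
                        or declared_type.lower() == FLASH_MIME)
    if looks_like_flash:
        return "reject: Flash object"
    return "reject: Flash object disguised as %s" % declared_type


def swf(signature, version, body):
    """Build a constructed SWF-like byte string for the samples below."""
    return signature + bytes([version]) + struct.pack("<I", 8 + len(body)) + body


# Constructed sample uploads (not taken from the article).
SAMPLES = [
    ("holiday.jpg", "image/jpeg", swf(b"CWS", 9, b"\x78\x9c" + b"\x00" * 16)),
    ("photo.jpg", "image/jpeg", b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 16),
    ("movie.swf", FLASH_MIME, swf(b"FWS", 10, b"\x00" * 16)),
    ("notes.txt", "text/plain", b"FWS"),
]

if __name__ == "__main__":
    for name, ctype, data in SAMPLES:
        print(name, "->", review_upload(name, ctype, data))
```

The check only recognises content that begins with an SWF header, so it is one layer of upload handling rather than a complete answer to the flaw described here.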
