Flash Flaw Could be Major Risk for User-Generated Content Sites
Security research firm Foreground disclosed today that there is yet another serious flaw in Adobe’s Flash plugin. The problem could potentially affect many of the sites we use every day. Researcher Mike Murray said, “Any site that allows user-uploadable content is vulnerable, and most are not configured to prevent this.”
The problem stems from the Flash ActionScript same-origin policy. This system is supposed to limit a Flash object’s access to content from its original domain. But if an attacker is able to insert malicious code into a Flash object, the object can execute that code when it runs. Anyone viewing the malicious Flash object is vulnerable to attack.
Adobe and the researchers agree that the flaw is not easily corrected with a patch to Flash. “We see this as a generic problem that affects any site that allows active scripting, not just Flash, but things like JavaScript and Silverlight as well,” said Adobe’s Brad Arkin. Foreground has yet to see any examples of the attack in the wild, but they believe it could happen at any time. The only way to be completely safe from this attack is to stop using Flash or at least run the NoScript add-on for Firefox.

Wildebeast
November 13, 2009 at 9:28pm
Gee ---Who would'n thunk it?
A program that runs automatically, eats my bandwidth, running video or slideshows, for which I cannot save my preferred settings ---because they dump them, every time they load up a new AD. Basically, assuming that I've got broadband...
What could possibly go wrong?
I went to Firefox, because it could block pop-ups and annoying ADs. Pop-ups are less intrusive than Flash.
I know Security "experts" haven't taken 3-4 years to figure this out. (It does seem really odd, that this is the first time I've seen it mentioned, anywhere.)
I also gave up on Acrobat ---as all I use it for is reading PDFs. Foxit does the same thing --just fine.
DBsantos77
November 13, 2009 at 8:37pm
Flash and Reader are two of Adobe's most vulnerable solutions. -_-
-Santos
fnordfnord
November 13, 2009 at 9:39pm
And the irony is that they're likely the most widespread and most used.














