Slashdot Mirror

← Back to Stories (view on slashdot.org)

Flash Vulnerabilities Affect Thousands of Sites

Posted by kdawson on from the waves-of-shock dept.

An anonymous reader sends us to The Register for this security news. The problem is compounded by the fact that some of the most popular Web development tools for generating SWF produce files containing the recently disclosed vulnerabilities. "Researchers from Google have documented serious vulnerabilities in Adobe Flash content which leave thousands of websites susceptible to attacks that steal the personal details of visitors. A web search reveals more than 500,000 vulnerable applets on major corporate, government and media sites. Removing the vulnerable content will require combing through website directories for SWF files and then testing them one by one. Updates in the Adobe software that renders SWF files in browsers are also likely, but they probably wouldn't quell the threat completely... No patch in sight from Adobe, that's the price to pay for depending on proprietary solutions."

2 of 214 comments (clear)

  1. The price comes in.. by Junta · · Score: 4, Interesting

    With respect to the "No patch in sight from Adobe" part, of course. If such a flaw was discovered by security researchers in firefox, they could do better than merely report the problem, it is within their power to correct the code and issue a third party patch/update if mainstream won't act. The vulnerability may not intrinsically be due to the proprietary nature (though external code audits might arguably occur to help, but I wouldn't guarantee it), but solving those problems cannot be done in a proprietary system except by the vendor.

    The community might ignore such a patch, and it might not even happen that often, but if things were generally dire enough in a projects mainstream, a new leadership could fork the project and that is not unheard of in projects. Of course, it's common for distributions to apply security updates to their packages before upstream merges them, so it isn't *that* strange.

    Not related to security, but the current version of the flash plugin, for example, breaks compatibility with linux opera and konqueror due to Xembed, and packagers hands are kind of tied in terms of what to do about it. Of course, can also point out the ATI drivers, which suffer greatly from problems and are dealt with in a way that doesn't work.

    --
    XML is like violence. If it doesn't solve the problem, use more.
  2. Re:Preference by piojo · · Score: 4, Interesting

    Anyone who thinks having videos as flvs will keep the majority of people from "stealing" content clearly hasn't done a search for "save flv" on google. I'm certain that 90% of youtube users don't even know what a .flv is, let alone that they can be saved. Saving them even gives me trouble, and I've written screen scrapers and a (dysfunctional) web spider. Then again, I don't use flash sites enough to know what the proper ripping tools are, and I use Linux, so the proper tools may not exist for me.
    --
    A cat can't teach a dog to bark.