Slashdot Mirror


Flash Vulnerabilities Affect Thousands of Sites

An anonymous reader sends us to The Register for this security news. The problem is compounded by the fact that some of the most popular Web development tools for generating SWF produce files containing the recently disclosed vulnerabilities. "Researchers from Google have documented serious vulnerabilities in Adobe Flash content which leave thousands of websites susceptible to attacks that steal the personal details of visitors. A web search reveals more than 500,000 vulnerable applets on major corporate, government and media sites. Removing the vulnerable content will require combing through website directories for SWF files and then testing them one by one. Updates in the Adobe software that renders SWF files in browsers are also likely, but they probably wouldn't quell the threat completely... No patch in sight from Adobe, that's the price to pay for depending on proprietary solutions."

1 of 214 comments

  1. this isn't fixing the problem! by wizardforce · Score: 1, Offtopic

    "patching" the vulnerabilities is complicated, since the issues exist in the SWF files themselves and not in Flash player, so the only solution is for website owners to re-generate their Flash applets with the updated generators, which should be out shortly.
    Why exactly is this not considered a problem with the Flash player itself if it is executing code it shouldn't be? Fixing the SWF files themselves doesn't really solve the problem if it is still possible to create malformed SWF files which can later be used in attacks, because the Flash player still handles that malformed code the same as always. Right? This vulnerability can still be exploited by those who use the old SWF generator to produce malformed SWF files that still cause the problem in the Flash players themselves.
    --
    Sigs are too short to say anything truly profound so read the above post instead.