Slashdot Mirror

← Back to Stories (view on slashdot.org)

Flash Vulnerabilities Affect Thousands of Sites

Posted by kdawson on from the waves-of-shock dept.

An anonymous reader sends us to The Register for this security news. The problem is compounded by the fact that some of the most popular Web development tools for generating SWF produce files containing the recently disclosed vulnerabilities. "Researchers from Google have documented serious vulnerabilities in Adobe Flash content which leave thousands of websites susceptible to attacks that steal the personal details of visitors. A web search reveals more than 500,000 vulnerable applets on major corporate, government and media sites. Removing the vulnerable content will require combing through website directories for SWF files and then testing them one by one. Updates in the Adobe software that renders SWF files in browsers are also likely, but they probably wouldn't quell the threat completely... No patch in sight from Adobe, that's the price to pay for depending on proprietary solutions."

3 of 214 comments (clear)

  1. Re:I'm no fan of proprietary solutions, but... by Anonymous Coward · · Score: -1, Offtopic

    How does the extra apostrophe you put in the possessive "its" help your sentence? I don't get that part. I am crossing my fingers and hoping you master this simple rule of english.

  2. Stupidest Example by Anonymous Coward · · Score: -1, Offtopic

    Why the hell would you use a SWF for credit card details? Approx 100,000 CC numbers have been phished from this site and it's still live[toybox.com]

  3. this isn't fixing the problem! by wizardforce · · Score: 1, Offtopic

    "patching" the vulnerabilities is complicated, since the issues exist in the SWF files themselves and not in Flash player, so the only solution is for website owners to re-generate their Flash applets with the updated generators, which should be out shortly.
    why exactly is this not considered a problem with the flash player its self if it is executing code it shouldn't be? fixing the swf files themselves doesn't really solve the problem if it is still possible to create malformed swf files which can later be used in attacks because the flash player still handles that malformed code the same as always. right? this vulnerability can still be exploited by those who use the old swf generator to produce malformed swf files that still cause the problem in the flash players themselves.
    --
    Sigs are too short to say anything truly profound so read the above post instead.