Flash Vulnerabilities Affect Thousands of Sites

An anonymous reader sends us to The Register for this security news. The problem is compounded by the fact that some of the most popular Web development tools for generating SWF produce files containing the recently disclosed vulnerabilities. "Researchers from Google have documented serious vulnerabilities in Adobe Flash content which leave thousands of websites susceptible to attacks that steal the personal details of visitors. A web search reveals more than 500,000 vulnerable applets on major corporate, government and media sites. Removing the vulnerable content will require combing through website directories for SWF files and then testing them one by one. Updates in the Adobe software that renders SWF files in browsers are also likely, but they probably wouldn't quell the threat completely... No patch in sight from Adobe, that's the price to pay for depending on proprietary solutions."

What...the...fuck

[A+beautiful+mind]

The authors have been working since the summer with Adobe, the developer of Flash, and the United States Computer Emergency Readiness Team to coordinate a remedy. But so far there is no estimate when patches may be released. A security update Adobe released this week for its Flash player doesn't fix the vulnerabilities, Stamos said. Adobe representatives didn't reply to emails seeking comment.

This is so irresponsible on so many levels! First of all Apple and their closed binary blob can go to hell with an attitude like this, second those security professionals should have really known better than to sit on a vulnerability like this for 6 months. 6 MONTHS. I can understand a month or two if we're talking about Oracle, but come on! There are always episodes like this to remind me not to use closed source programs.