Slashdot Mirror


Flash Vulnerability Found, Adobe Says No Fix Forthcoming

An anonymous reader writes "Security researchers at Foreground Security have found an issue with Adobe Flash. Any site that allows files to be uploaded could be vulnerable to this issue (whether they serve Flash or not!). Adobe has said that no easy fix exists and no patch is forthcoming. Adobe puts the responsibility on the website administrators themselves to fix this problem, but they themselves seem to be vulnerable to these problems. Every user with Flash installed is vulnerable to this new type of attack and — until IT administrators fix their sites — will continue to be."

15 of 355 comments

  1. OH NO!!! by Narcocide · Score: 4, Funny

    Someone has found an issue with Flash?! Say it isn't so...

    1. Re:OH NO!!! by Monkeedude1212 · Score: 4, Funny

      I lost count. Can someone help me out again? This time I'll count using Binary on my fingers.

    2. Re:OH NO!!! by Nerdfest · Score: 4, Funny

      I have a sign bit.

    3. Re:OH NO!!! by The Archon V2.0 · Score: 5, Funny

      I lost count. Can someone help me out again? This time I'll count using Binary on my fingers.

      I tried that, but when I got to 132 vulnerabilities, I felt that was an appropriate enough representation of my opinion and stopped counting.

    4. Re:OH NO!!! by BikeHelmet · Score: 2, Funny

      Hmm... looks like you'll need 11 bits to count them all, so please do it in another room.

    5. Re:OH NO!!! by Anonymous Coward · Score: 3, Funny

      More importantly, what about ECC?

      I had a spasm in my left pinky and now I can't remember if it's supposed to be bent or not.

    6. Re:OH NO!!! by badboy_tw2002 · Score: 4, Funny

      Useful, but make sure no one is right in front of you when you get to four or they might punch you.

  2. iPhone by Anonymous Coward · Score: 5, Funny

    I'm very angry that I can't use this vulnerability on my iPhone.

    1. Re:iPhone by Icegryphon · Score: 5, Funny

      I'm very angry that I can't use this vulnerability on my iPhone.

      There is not an app for that?

    2. Re:iPhone by Anonymous Coward · Score: 1, Funny

      Droid Does!!

  3. Re:Client or server? by jpmorgan · Score: 3, Funny

    I know it's a lot to ask, but you could just RTFA. I guess I'll be the enabler today...

    Apparently it's a server-side vulnerability, but this puts users at risk since hijacking trusted websites makes it much easier to socially engineer malware onto people's computers. I.e., if gmail were to be compromised, and you login to gmail and there's a link to download some special gmail-improving program, a lot of people will download and install it, even though it was placed there by a hacker and not Google themselves.

  4. Warning - 2nd link points to a FLASH AD by tomhudson · Score: 5, Funny

    Kind of ironic that an article that warns about flash vulnerabilities has:

    1. A flash interstitial ad
    2. A page loaded with flash

    Oh, wait - it's ComputerWorld. Sorry, I had my expectations too high.

  5. We need to move beyond Flash by ClosedSource · Score: 4, Funny

    so we can have malware based on open standards.

  6. Re:Counting binary on your fingers. by v1 · Score: 2, Funny

    I'll have to find the right web site to browse to in order to handle the carry

    --
    I work for the Department of Redundancy Department.

  7. Re:wait by AHuxley · Score: 2, Funny

    Wow, that's not nice. Way too much power in one web based tool.
    This should all be so sandboxed and open sourced
    Let some smart people around the world fix all this stuff :)
    No bloat, faster, safer and Adobe can keep its secrets for media/vids etc.

    --
    Domestic spying is now "Benign Information Gathering"