Slashdot Mirror


Flash Vulnerability Found, Adobe Says No Fix Forthcoming

An anonymous reader writes "Security researchers at Foreground Security have found an issue with Adobe Flash. Any site that allows files to be uploaded could be vulnerable to this issue (whether they serve Flash or not!). Adobe has said that no easy fix exists and no patch is forthcoming. Adobe puts the responsibility on the website administrators themselves to fix this problem, but they themselves seem to be vulnerable to these problems. Every user with Flash installed is vulnerable to this new type of attack and — until IT administrators fix their sites — will continue to be."

11 of 355 comments (clear)

  1. OH NO!!! by Narcocide · · Score: 4, Funny

    Someone has found an issue with Flash?! Say it isn't so...

    1. Re:OH NO!!! by Monkeedude1212 · · Score: 4, Funny

      I lost count. Can someone help me out again? This time I'll count using Binary on my fingers.

    2. Re:OH NO!!! by Nerdfest · · Score: 4, Funny

      I have a sign bit.

    3. Re:OH NO!!! by The+Archon+V2.0 · · Score: 5, Funny

      I lost count. Can someone help me out again? This time I'll count using Binary on my fingers.

      I tried that, but when I got to 132 vulnerabilities, I felt that was an appropriate enough representation of my opinion and stopped counting.

    4. Re:OH NO!!! by Anonymous Coward · · Score: 3, Funny

      More importantly, what about ECC?

      I had a spasm in my left pinky and now I cant remember if its supposed to be bent or not.

    5. Re:OH NO!!! by badboy_tw2002 · · Score: 4, Funny

      Useful, but make sure no one is right in front of you when you get to four or they might punch you.

  2. iPhone by Anonymous Coward · · Score: 5, Funny

    I'm very angry that I can't use this vulnerability on my iPhone.

    1. Re:iPhone by Icegryphon · · Score: 5, Funny

      I'm very angry that I can't use this vulnerability on my iPhone.

      There is not an app for that?

  3. Re:Client or server? by jpmorgan · · Score: 3, Funny

    I know it's a lot to ask, but you could just RTFA. I guess I'll be the enabler today...

    Apparently it's a server-side vulnerability, but this puts users at risk since hijacking trusted websites makes it much easier to socially engineer malware onto people's computers. I.e., if gmail were to be compromised, and you login to gmail and there's a link to download some special gmail-improving program, a lot of people will download and install it, even though it was placed there by a hacker and not Google themselves.

  4. Warning - 2nd link points to a FLASH AD by tomhudson · · Score: 5, Funny

    Kind of ironic that an article that warns about flash vulnerabilities as:

    1. A flash interstitial ad
    2. A page loaded with flash

    Oh, wait - it's ComputerWorld. Sorry, I had my expectations too high.

  5. We need to move beyond Flash by ClosedSource · · Score: 4, Funny

    so we can have malware based on open standards.