New Flash Attack Has No Real 'Fix'

    Date13 Nov 2009
    Posted ByAnthony Pell
    Researchers show how Adobe Flash can be exploited in browsers when victim visits sites that accept user-generated content. Researchers have discovered a new attack that exploits the way browsers operate with Adobe Flash -- and there's no simple patch for it. The attack can occur on Websites that accept user-generated content -- anything from Webmail to social networking sites. An attacker basically takes advantage of the fact that a Flash object can be loaded as content onto a site and then can execute malware from that site to infect and steal information from visitors who view that content by clicking it.

    "Everyone is vulnerable to this, and there's nothing anyone can do to fix it by themselves," says Michael Murray, CSO for Foreground Security, which today posted demonstrations of such an attack against Gmail, SquirrelMail, and cPanel's File Manager. "We're hoping to get a message out to IT adminstrators and CIOs to start fixing their sites one at a time."

    Do you feel like you could be a victim of this attack, or do you think that you don't go to sites that would be risky enough to be subjected to this attack? How often do you look for vendor vulnerabilities like this? Please let us know!

    You are not authorised to post comments.

    LinuxSecurity Poll

    Do you reuse passwords across multiple accounts?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 2 answer(s).


    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.