3/30/2008

Adobe Tackles Flash Flaw

Filed under: — By Aviran Mordo @ 3:17 pm

Adobe is working on an update to its Flash Player software that will address a widespread vulnerability found on hundreds of thousands of Web sites.

The issue, first reported in December by Google researcher Rich Cannings, allows attackers to use buggy Shockwave Flash (.swf) files in order to attack Web surfers. Using what is known as a cross-site scripting attack, criminals could create fake phishing pages or, much worse, gain access to online banking sessions or Web accounts of victims in some situations.

After Cannings went public with his findings, Adobe and other software vendors fixed their development tools so they would no longer create the vulnerable Flash files, but there are still more than 500,000 of these files posted on different sites on the Internet, according to Cannings.

Because of the amount of work it would take to clean up the mess, Cannings had been encouraging Adobe to make changes to its Player software that would nullify these cross-site scripting attacks.

This fix is being developed and will be available “soon,” said Adobe spokesman Matt Rozen in an e-mail message.

 

Leave a Reply

You must have Javascript enabled in order to submit comments.

All fields are optional (except comment).
Some comments may be held for moderation (depends on spam filter) and not show up immediately.
Links will automatically get rel="nofollow" attribute to deter spammers.

Powered by WordPress