Flash Vulnerability In The Wild

Posted by Bill McGonigle Wed, 28 May 2008 00:18:00 GMT

Ouch.

Every Flash-enabled web browser without a Flash-blocking feature (à la NoScript) is vulnerable to remote compromise.

Having this much exposure completely controlled by one proprietary 3rd-party closed-source vendor is bad for the ecosystem. There’s a Free Flash clone underway, but it’s not good enough to replace Flash for many sites that require Flash, and many sites now require Flash.

Please, website designers: Stop hurting the web. Make sites that can be used without Flash, and add all the glam you want around it. Because Flash isn’t an open standard, this problem will always exist. AJAX and SVG can accomplish all or most of what Flash can do, and any talented designer can figure these out.

Update: Adobe has updated their info, and it appears the very latest version (9,0,124,0) is not exploitable, thus this is not zero-day, and I didn’t need to publish this article. Title was: “0-Day Flash Vulnerability In The Wild”.
