http://blog.bfccomputing.com/articles/2008/05/27/0-day-flash-vulnerabilty-in-the-wild en-us 40 My God, It's Full of Source! <p><a href="http://www.securityfocus.com/bid/29386/exploit">Ouch</a>.</p> <p>Every flash-enabled web browser without a Flash-blocking feature (ala <a href="http://noscript.net">NoScript</a>) is vulnerable to remote compromise.</p> <p>Having this much exposure completely controlled by one proprietary 3rd-party closed-source vendor is bad for the ecosystem. There&#8217;s a Free Flash clone underway, but it&#8217;s not good enough to replace Flash for many sites that require Flash, and many sites now require Flash.</p> <p>Please, website designers: <b>Stop hurting the web</b>. Make sites that can be used without Flash, and add all the glam you want around it. Because Flash isn&#8217;t an open standard this problem will always exist. AJAX and SVG can accomplish all or most of what Flash can do, and any talented designer can figure these out.</p> <p>Update: Adobe has updated their info, and it appears the very latest version (9,0,124,0) is not exploitable, thus this is not zero-day, and I didn&#8217;t need to publish this article. Title was: &#8220;0-Day Flash Vulnerability In The Wild&#8221;.</p> Tue, 27 May 2008 20:18:00 -0400 urn:uuid:ccfb87df-d8da-4171-8de3-3a71023108f9 Bill McGonigle http://blog.bfccomputing.com/articles/2008/05/27/0-day-flash-vulnerabilty-in-the-wild Web Development Internet Open Source Security http://blog.bfccomputing.com/articles/trackback/4760