Sign up for a new account or log in here:
also @ TechSpot: Bill Gates is once again the richest person in the world
Adobe is contending that it is not entirely their issue. Other active scripting could also be made vulnerable, such as JavaScript or Silverlight, along with any site that relies on these to provide a mechanism for users to upload files. Because of that, Adobe said the problem is not fixable through a Flash update. Instead, it is on the shoulders of administrators whose servers use Flash. Adobe also suggests it is the responsibility of app developers to be security-minded and prevent this sort of thing from happening.
This isn't the first severe flash flaw to emerge this year. Only a few months ago, a "critical" vulnerability was discovered and published. Earlier in the year, Adobe was tackling a host of other security issues with Flash as well. This newly-discovered vulnerability could prove to be the worst yet -- and it doesn't help that Adobe is claiming the flaw is "unpatchable". A solution must be discovered, but it may be something that has to happen on a developer, browser or OS level instead of through Flash.
User Comments: 12
Got something to say? Post a comment-
tengeta said:
Its cool how Adobe bought out Flash and then turned it into an even bigger vulnerability than Windows itself.
-
Xclusiveitalian said:
There going to have to release a whole new version asap thanks for the notice!
-
IvanAwfulitch said:
Lol.
No, seriously. LOL! An unpatchable flaw and they only just found it? Adobe has been out there for how long? I can understand that it might be a roundabout way to hack it, but all it takes is uploading malicious code! That's as easy as it gets! Good job, Adobe. I applaud your inadequacy.
-
Like it says, it's not entirely adobes, but the add of some other scripting that generates the blackhole.
-
This give new hope to the migration from flash... I just cant wait for HTML5 to replace the need for flash player (Google need to set an example, by making youtube flash free ... I love the HTML5 youtube demo page).
-
Riiiight.. This is really non-news. Honestly, I have never even HEARD of a website that utilizes Flash to allow users to upload content for other users to download. Are you kidding me? How is this even exploitable? Someone name me a single site that does this. If there is such a thing, then all they need to do is use some other method for distribution. Simple-as-all-hell-fix.
Also, the article mentions that other things involving scripting (Actionscript is VERY similar to java script
can suffer from similar back doors. But honestly, how is this even considered a threat? There are so many prerequisites that I feel like this article is merely embracing sensationalism in the pursuit of a story. Bah. -
Read the article again- it's not about using flash to upload content, it's about uploading malicious flash objects. According to a followup from the researcher, Adobe has 4 or 5 of these vulnerabilities on their own servers. Other demonstrations of vulnerable sites included Gmail and other popular web applications.
Not exactly non-news.
-
Like pointed out...can't wait for HTML 5. A very large percentage of my 'exposure' to flash is youtube.
-
I feel like JS having big security holes isn't new news; Flash is just another application through which JS's script defects can manifest themselves.
-
Darth Shiv said:
flannelwarrior said:I feel like JS having big security holes isn't new news; Flash is just another application through which JS's script defects can manifest themselves.
Flash introduces plenty more than just what JS can or has.
-
T77 said:
adobe is doing a really good job
of putting their responsibility on others shoulders!maybe they should dump their flash if they cant repair its ever growing vulnerabilities!
-
So what's the hole exactly? Based on what I read it looks like you could make an application that lets users upload a swf to the server and then serve that same swf up to other users as content. If that's correct then Adobe is right to say it isn't their security issue but an issue with web applications that use that technology. Clearly adobe cannot create a technology that stops servers from serving up swf files. It would be the responsibility of the web application developer to make sure their application does not have this vulnerability. For the record this exact same issue exists with java script , that's why most blogs won't let you include HTML tags in your comments.
Most Popular
| Trending | Featured |
Featured on Smartphones
Subscribe to TechSpot
Get free exclusive content, learn about new features and breaking tech news.