Dangerous "unpatchable" flaw discovered in Adobe Flash

By Justin Mann on November 13, 2009, 1:30 PM
A newly discovered flaw in the Flash suite could put both users and servers at risk, according to some recent reports. Adobe has verified the hole, which lies inside any Flash-based application that allows people to upload their own content. Though some details are omitted, the flaw would allow someone to upload a malicious Flash object to a site, which in turn would be downloaded and processed by people visiting the site. According to one security expert, any site relying on user uploads through Flash could be vulnerable.

Adobe is contending that it is not entirely their issue. Other active scripting could also be made vulnerable, such as JavaScript or Silverlight, along with any site that relies on these to provide a mechanism for users to upload files. Because of that, Adobe said the problem is not fixable through a Flash update. Instead, it is on the shoulders of administrators whose servers use Flash. Adobe also suggests it is the responsibility of app developers to be security-minded and prevent this sort of thing from happening.

This isn't the first severe flash flaw to emerge this year. Only a few months ago, a "critical" vulnerability was discovered and published. Earlier in the year, Adobe was tackling a host of other security issues with Flash as well. This newly-discovered vulnerability could prove to be the worst yet -- and it doesn't help that Adobe is claiming the flaw is "unpatchable". A solution must be discovered, but it may be something that has to happen on a developer, browser or OS level instead of through Flash.

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.