Dangerous "unpatchable" flaw discovered in Adobe Flash

Status
Not open for further replies.

Justin

TS Rookie
A newly discovered flaw in the Flash suite could put both users and servers at risk, according to some recent reports. Adobe has verified the hole, which lies inside any Flash-based application that allows people to upload their own content. Though some details are omitted, the flaw would allow someone to upload a malicious Flash object to a site, which in turn would be downloaded and processed by people visiting the site. According to one security expert, any site relying on user uploads through Flash could be vulnerable.

Read the whole story
 

tengeta

TS Enthusiast
Its cool how Adobe bought out Flash and then turned it into an even bigger vulnerability than Windows itself.
 

IvanAwfulitch

TS Booster
Lol.

No, seriously. LOL! An unpatchable flaw and they only just found it? Adobe has been out there for how long? I can understand that it might be a roundabout way to hack it, but all it takes is uploading malicious code! That's as easy as it gets! Good job, Adobe. I applaud your inadequacy.
 

Kibaruk

TechSpot Paladin
Like it says, it's not entirely adobes, but the add of some other scripting that generates the blackhole.
 
G

Guest

This give new hope to the migration from flash... I just cant wait for HTML5 to replace the need for flash player (Google need to set an example, by making youtube flash free ... I love the HTML5 youtube demo page).
 
G

Guest

Riiiight.. This is really non-news. Honestly, I have never even HEARD of a website that utilizes Flash to allow users to upload content for other users to download. Are you kidding me? How is this even exploitable? Someone name me a single site that does this. If there is such a thing, then all they need to do is use some other method for distribution. Simple-as-all-hell-fix.

Also, the article mentions that other things involving scripting (Actionscript is VERY similar to Javascript) can suffer from similar back doors. But honestly, how is this even considered a threat? There are so many prerequisites that I feel like this article is merely embracing sensationalism in the pursuit of a story. Bah.
 
G

Guest

Read the article again- it's not about using flash to upload content, it's about uploading malicious flash objects. According to a followup from the researcher, Adobe has 4 or 5 of these vulnerabilities on their own servers. Other demonstrations of vulnerable sites included Gmail and other popular web applications.

Not exactly non-news.
 

rgdot

TS Rookie
Like pointed out...can't wait for HTML 5. A very large percentage of my 'exposure' to flash is youtube.
 
I feel like JS having big security holes isn't new news; Flash is just another application through which JS's script defects can manifest themselves.
 

Darth Shiv

TS Evangelist
flannelwarrior said:
I feel like JS having big security holes isn't new news; Flash is just another application through which JS's script defects can manifest themselves.
Flash introduces plenty more than just what JS can or has.
 

T77

TS Enthusiast
adobe is doing a really good job :( of putting their responsibility on others shoulders!
maybe they should dump their flash if they cant repair its ever growing vulnerabilities!
 
G

Guest

So what's the hole exactly? Based on what I read it looks like you could make an application that lets users upload a swf to the server and then serve that same swf up to other users as content. If that's correct then Adobe is right to say it isn't their security issue but an issue with web applications that use that technology. Clearly adobe cannot create a technology that stops servers from serving up swf files. It would be the responsibility of the web application developer to make sure their application does not have this vulnerability. For the record this exact same issue exists with javascript, that's why most blogs won't let you include HTML tags in your comments.
 
Status
Not open for further replies.