Adobe plays down Flash security slurs
By Asavin Wattanajantra
A security researcher has posted details of a way of attacking how a browser handles Adobe Flash, which he has described as ‘frightening’.
Mike Bailey, senior researcher for Foreground Security, said in a statement that the issue allowed an attacker to take over nearly any computer visiting a website that allowed file uploads.
He said that the vulnerability exploited the ‘same origin’ policy of Adobe Flash, and that nearly any site that allowed user-generated content could be attacked.
“Whether you use Flash or not, you may still be vulnerable because this issue affects users directly and not the servers themselves,” Bailey said.
He added: “Websites that are at risk of being vulnerable include social media sites, major career portals, and Fortune 1000 and government agency websites. Basically, if you have a website, you could be vulnerable.”
Bailey said he reported the vulnerability to both Adobe and Google, as he believed that Google Apps and Gmail could be affected by the issue.
In response, Adobe senior security researcher Peleus Uhley said in a blog post that the vulnerability Bailey described was not news, that it had been understood and discussed by the security community for years, and wasn’t actually a Flash vulnerability.
“Web servers that choose to accept user-uploaded content also choose to accept the risks that go along with that functionality,” he said.
“Flash Player’s behaviour is consistent with other technologies and the web browser security model. Several web technologies pose the same risk to servers that allow end-user uploads.”
Adobe plays......
For me it is impossible to use some Facebook games thanks to the last Flash Player that makes a mess of the graphics. I use Linux and the Flash Player doesn't let me use Facebook properly. Really, I don't like to downgrade Flash just for some games.
By MaledictusXVII on Tuesday Nov 17