Security research firm Foregorund has made known today that there is yet another serious flaw in Abobe’s Flash plugin. The problem could potentially affect many of the sites we use every day. Researcher Mike Murray said, “Any site that allows user-uploadable content is vulnerable, and most are not configured to prevent this."

The problem stems from the Flash ActionScript same-origin policy. This system is supposed to limit a Flash object’s access to content from its original domain. But if an attacker is able to insert malicious code into a Flash object, it can execute that code when run.  Anyone viewing the malicious Flash object is vulnerable to attack.

Adobe and the researchers agree that the flaw is not easily corrected with a patch to Flash. "We see this as a generic problem that affects any site that allows active scripting, not just Flash, but things like JavaScript and Silverlight as well,” said Adobe’s Brad Arkin. Foreground has yet to see any examples of the attack in the wild, but they believe it could happen at any time. The only way to be completely safe from this attack is to stop using Flash or at least running the No Script add-on for Firefox.

fa

Tagged with:

Filed under: News

Like this post? Subscribe to my RSS feed and get loads more!