Flash Vulnerability Found, Adobe Says No Fix Forthcoming - Slashdot

Slashdot

Flash Vulnerability Found, Adobe Says No Fix Forthcoming 355

Posted by timothy on Thursday November 12 2009, @07:44PM
from the more-from-the-slums-of-the-internet dept.

An anonymous reader writes "Security researchers at Foreground Security have found an issue with Adobe Flash. Any site that allows files to be uploaded could be vulnerable to this issue (whether they serve Flash or not!). Adobe has said that no easy fix exists and no patch is forthcoming. Adobe puts the responsibility on the website administrators themselves to fix this problem, but they themselves seem to be vulnerable to these problems. Every user with Flash installed is vulnerable to this new type of attack and — until IT administrators fix their sites — will continue to be."

This discussion has been archived. No new comments can be posted.

Flash Vulnerability Found, Adobe Says No Fix Forthcoming

Search 355 Comments Log In/Create an Account

Comments Filter:

OH NO!!! (Score:4, Funny)

by Narcocide (102829) writes: on Thursday November 12 2009, @07:45PM (#30081360) Homepage

Someone has found an issue with Flash?! Say it isn't so...

Share
twitter facebook
Re:OH NO!!! (Score:5, Funny)

by Monkeedude1212 (1560403) writes: on Thursday November 12 2009, @07:48PM (#30081396) Journal

I lost count. Can someone help me out again? This time I'll count using Binary on my fingers.

Parent Share
twitter facebook
iPhone (Score:5, Funny)

by Anonymous Coward writes: on Thursday November 12 2009, @07:51PM (#30081424)

I'm very angry that I can't use this vulnerability on my iPhone.

Share
twitter facebook
Re:Client or server? (Score:4, Funny)

by jpmorgan (517966) writes: on Thursday November 12 2009, @07:56PM (#30081472) Homepage

I know it's a lot to ask, but you could just RTFA. I guess I'll be the enabler today...

Apparently it's a server-side vulnerability, but this puts users at risk since hijacking trusted websites makes it much easier to socially engineer malware onto people's computers. I.e., if gmail were to be compromised, and you login to gmail and there's a link to download some special gmail-improving program, a lot of people will download and install it, even though it was placed there by a hacker and not Google themselves.

Parent Share
twitter facebook
Warning - 2nd link points to a FLASH AD (Score:5, Funny)

by tomhudson (43916) writes: <barbara.hudson@b ... m ['ra-' in gap]> on Thursday November 12 2009, @08:00PM (#30081534) Journal
Kind of ironic that an article that warns about flash vulnerabilities as:
1. A flash interstitial ad
2. A page loaded with flash
Oh, wait - it's ComputerWorld. Sorry, I had my expectations too high.
Share
twitter facebook
We need to move beyond Flash (Score:5, Funny)

by ClosedSource (238333) writes: on Thursday November 12 2009, @08:03PM (#30081560)

so we can have malware based on open standards.

Share
twitter facebook
Re:iPhone (Score:5, Funny)

by Icegryphon (715550) writes: on Thursday November 12 2009, @08:03PM (#30081562)

I'm very angry that I can't use this vulnerability on my iPhone.
There is not an app for that?

Parent Share
twitter facebook
Re:OH NO!!! (Score:5, Funny)

by Nerdfest (867930) writes: on Thursday November 12 2009, @08:29PM (#30081818)

I have a sign bit.

Parent Share
twitter facebook
Re:OH NO!!! (Score:5, Funny)

by The Archon V2.0 (782634) writes: on Thursday November 12 2009, @08:52PM (#30082016)

I lost count. Can someone help me out again? This time I'll count using Binary on my fingers.
I tried that, but when I got to 132 vulnerabilities, I felt that was an appropriate enough representation of my opinion and stopped counting.

Parent Share
twitter facebook
Re:Counting binary on your fingers. (Score:3, Funny)

by v1 (525388) writes: on Thursday November 12 2009, @08:56PM (#30082066) Homepage Journal

I'll have to find the right web site to browse to in order to handle the carry

Parent Share
twitter facebook
Re:OH NO!!! (Score:3, Funny)

by BikeHelmet (1437881) writes: on Thursday November 12 2009, @09:07PM (#30082172) Journal

Hmm... looks like you'll need 11 bits to count them all, so please do it in another room.

Parent Share
twitter facebook
Re:iPhone (Score:1, Funny)

by Anonymous Coward writes: on Thursday November 12 2009, @09:36PM (#30082362)

Droid Does!!

Parent Share
twitter facebook
Re:OH NO!!! (Score:3, Funny)

by Anonymous Coward writes: on Thursday November 12 2009, @09:38PM (#30082386)

More importantly, what about ECC?
I had a spasm in my left pinky and now I cant remember if its supposed to be bent or not.

Parent Share
twitter facebook
Re:OH NO!!! (Score:5, Funny)

by badboy_tw2002 (524611) writes: on Thursday November 12 2009, @10:31PM (#30082694)

Useful, but make sure no one is right in front of you when you get to four or they might punch you.

Parent Share
twitter facebook
Re:wait (Score:3, Funny)

by AHuxley (892839) writes: on Friday November 13 2009, @01:19AM (#30083690) Homepage Journal

Wow, thats not nice. Way to much power in one web based tool.
This should all be so sandboxed and open sourced
Let some smart people around the world fix all this stuff :)
No bloat, faster, safer and Adobe can keep its secrets for media/vids ect.

Parent Share
twitter facebook

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Related Links Top of the: day, week, month.

995 commentsZimmerman Charged With 2nd-Degree Murder
910 commentsIn Nothing We Trust
811 commentsTSA's mm-Wave Body Scanner Breaks Diabetic Teen's $10K Insulin Pump
743 comments$60 Light Bulb Debuts On Earth Day
734 commentsWindows 8 Won't Play DVDs Unless You Pay For the Media Center Pack

Brain damage is all in your head. -- Karl Lehenbauer