There is a gaping security hole in Flash, that according to ComputerWorld’s Gregg Keizer “can exploit a flaw… to compromise nearly every Web site that allows users to upload content, including Google’s Gmail, then launch silent attacks on visitors to those sites.”
Not good. But it gets worse.
Adobe has acknowledged the problem, and has promised nothing. No patch, no quick fix, nothing but a thumb of the nose. Adobe has made it plain that websites and their creators are responsible for their security.
That sounds like GM saying drivers are responsible for exploding gas tanks. This is a big, bad problem. Expect to see backlash to Adobe, and some fix in the pipeline. If not, a large swath of the internet is now very, very insecure.
Mike Murray of Foreground Security said it well: “Any site that allows user-uploadable content is vulnerable, and most are not configured to prevent this.”
The <3 of EU tech
The latest rumblings from the EU tech scene, a story from our wise ol' founder Boris, and some questionable AI art. It's free, every week, in your inbox. Sign up now!
H/T @MichaelKlurfeld for the tip.
Get the TNW newsletter
Get the most important tech news in your inbox each week.