Rub shoulders with leading experts and industry disruptors at TNW Conference →

Inside money, markets, and Big Tech

This article was published on November 13, 2009


    Flash Is Vulnerable – No Fix Coming

    Flash Is Vulnerable – No Fix Coming
    Alex Wilhelm
    Story by

    Alex Wilhelm

    Alex Wilhelm is a San Francisco-based writer. You can find Alex on Twitter, and on Facebook. You can reach Alex via email at [email protected] Alex Wilhelm is a San Francisco-based writer. You can find Alex on Twitter, and on Facebook. You can reach Alex via email at [email protected]

    flash-failThere is a gaping security hole in Flash, that according to ComputerWorld’s Gregg Keizer “can exploit a flaw… to compromise nearly every Web site that allows users to upload content, including Google’s Gmail, then launch silent attacks on visitors to those sites.”

    Not good. But it gets worse.

    Adobe has acknowledged the problem, and has promised nothing. No patch, no quick fix, nothing but a thumb of the nose. Adobe has made it plain that websites and their creators are responsible for their security.

    That sounds like GM saying drivers are responsible for exploding gas tanks. This is a big, bad problem. Expect to see backlash to Adobe, and some fix in the pipeline. If not, a large swath of the internet is now very, very insecure.

    Mike Murray of Foreground Security said it well: “Any site that allows user-uploadable content is vulnerable, and most are not configured to prevent this.”

    H/T @MichaelKlurfeld for the tip.