Adobe Flash Flaw Threatens Websites

A serious flaw in the way people use Adobe's Flash software could leave tens of thousands of websites vulnerable to hackers. The problem lies in Shockwave Flash files (SWFs), which appear on websites and allow the site author to include short movies or animated graphics. (Source: half-serious.com)

The way the software currently works means it's possible for hackers to insert their own code into these files. For example, they could program the file to send them copies of personal information that the user types while visiting a site. At the moment, there are no patches available.

The problem is uncovered in the new book, 'Hacking Exposed Web 2.0: Web 2.0 Security Secrets and Solutions'. The authors include researchers from Google and iSEC partners, a firm that specialises in security testing.

According to the book, which won't be officially released until January, more than 500,000 SWFs are vulnerable to hackers, including those on sites for financial firms and government agencies.

Author Alex Stamos warned that the only sure-fire way to get around the problem is to remove the SWFs from the site until a solution is found. The issue is made worse by the fact that many of the most common programs used for creating such animations automatically generate code that includes the bugs. Site owners will need to manually examine every SWF and check for problems.

The authors have been coordinating with Adobe on the problem and the software firm says a solution should be available in the next few weeks. (Source: computerworld.com)