Explore the latest news and trends  

Sign up for our weekly security newsletter

Be the first to receive important updates on security


Hackers Exploit Adobe Flash Web Browser Vulnerability to Serve Malware

A security investigator at Foreground Security has found that the method in which Web browsers deal with Adobe Flash is flawed; consequently, it could allow malicious users to hijack websites, which accept user content.

The flaw is related to a method that takes advantage of the Adobe Flash same-origin rule (policy) for serving and uploading malevolent files.

Actually, the rule or policy limits Flash objects so that they just retrieve content from where they originate. Meanwhile, the flaw occurs because Flash objects belonging to the user's server would run within the circumstances related to the user's domain.

In case an attacker is able to add a harmful Flash object to an Internet site - via its capabilities for user-generated content that allow visitors to post content on the site, he would also be able to run malicious code from that domain.

It is possible that the attack could take place on various websites ranging from social-networking to Web-mail. Basically, the attacker exploits the uploading of Flash objects as content to a website that allows him to run malicious code from it for stealing personal information of those people who visit the site.

Mike Bailey, Security Researcher at Foreground Security, said via a blog that if an attacker could manage the hosting of a particular file on a particular server, then he could utilize that file for attacking that server, as reported by Information Week on November 12, 2009.

Commenting on the issue, Michael Murray, CSO, Foreground Security, states that all users are vulnerable to the attack and there is no solution they can find for themselves. The company revealed how the attack could be executed against File Manager of cPanel, SquirrelMail, and Gmail, as reported by Dark Reading on November 12, 2009.

Murray adds that his company is hoping that it can persuade CIOs and IT administrators to begin a patching drive for their websites.

Meanwhile, Adobe without disputing over the investigator's declarations stated that those who designed and administered websites bore a responsibility to develop sites and software that effectively blocked such attacks.

Related article: Hackers Redirect Windows Live Search to Malicious Sites

» SPAMfighter News - 11/24/2009

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page