10,000 Websites Containing Flash Applets are Vulnerable

Google security experts have warned users of Flash applets about
security loopholes in them. Google, along with iSEC, has
discovered this new problem, which causes serious harm to more than
500,000 Flash files available on public and banking websites by
opening them to Cross-Site Scripting (XSS) attacks.

The security experts have said that the security bugs that harm
the files are found in Flash applets, the building blocks for
graphics and movies that animate sites across the World Wide Web.
Flash applets are also known as SWF files, and they are most
susceptible to attacks in which malicious strings are
injected into the legitimate code via XSS.

Apparently, Adobe has been informed about the findings by the team of
security experts. But the researchers said that even the most recent
security update of Flash Player by Adobe is not able to protect
against the discovered dangers. The group is compiling details in a
new book - "Hacking Exposed Web 2.0" slated to this January in the

The team has also disclosed important information on how to
overcome this problem. According to the authors, security patches do not
guarantee a solution because the harmful code is produced
by Flash authoring tools, including well-known ones such as Breeze,
Camtasia and Dreamweaver.

According to the security experts' findings, the loopholes allow cookies
to be read and login information to be stolen easily;
for instance, a manipulated link carrying certain variables can cause
SWF files to be executed.

The security experts have found that vulnerable data is quite easy to
remove. Attackers first search website directories for vulnerable SWF
files and then test each file one by one.

There is no alternative for dealing with this problem other than removing
the SWF files. People should wait for new updates of the authoring tools
and Flash players. Until Adobe comes up with new updates, people
have to be careful in selecting the right kind of Flash applets.
Before using a Flash applet, make sure that it has been manually tested,
stated Alex Stamos, one of the authors of the book, as reported by
The Register on December 21, 2007.

» SPAMfighter News - 1/9/2008
