Flash Player failure affects thousands of web pages

Sapo opens laboratory at the University of Aveiro

Adobe is working on updating the Flash Player that will fix a vulnerability detected on hundreds of thousands of sites. The problem, made known in December for the first time, allows an attacker to use malicious files in the Shockwave Flash (.swf) format to attack visitors to an affected page.

The attacks are carried out based on the cross-site scripting technique and allow these cybercriminals to create fake pages or, in some situations, to gain access to user banking sessions to steal passwords and other personal information.

After the failure was made public, both Adobe and other publishers of software corrected their development tools so they wouldn’t create files flash vulnerable. However, there are still more than 500 thousand files of this type published on different sites online, indicates Rich Cannings, the person responsible for identifying the fault.

Matt Rozen, a spokesman for Adobe, told PCWorld that the solution to this vulnerability is being developed and will therefore be available soon.

Security experts indicate that Adobe’s main problem at the moment is to fix the bug without harming old flash files.

Related News:

2008-03-27 – Free version of PhotoShop available online