Slippery Flash Exploit Hits Gmail, YouTube, Flickr

Word has emerged of a new vulnerability in Adobe’s Flash that, it seems, may well be entirely unpatchable, leaving web users in a fairly untenable position security-wise.

While Flash has long been criticised as something of a security risk, a large portion of that risk tends to be associated with the manner in which users are expected to keep a Flash player up to date in their own browsers. In that respect, if in no other, the emergence of a Flash exploit that could well prove to be entirely unpatchable is very worrying indeed. Moreover, the list of potentially exploitable sites includes names as big as Gmail, Flickr and YouTube.

What is perhaps most interesting is that word that the latest vulnerability is unpatchable comes from Adobe itself, which we would imagine would be doing as much as possible to minimise the fallout from this kind of news. Apparently, Adobe contacted Mike Bailey, a security researcher at Foreground Security, to inform him that the exploit was something for which there is “no easy solution,” to which Bailey responded, “I don’t see a fix coming from them anytime soon.” News media at large are now calling the exploit “unpatchable.”

For now, though, it seems Adobe may well be the only one not having much success with this latest exploit, given that YouTube and Microsoft’s Hotmail have apparently already taken care of the issue on their ends.

If you’d like to read more about how the whole exploit works then you should check out Mike Bailey’s post about it over at Foreground Security. It makes for some very interesting, if a little complicated, reading. We’ll be curious to see if and when other services start rolling out fixes, but it’s encouraging to see Hotmail and YouTube locked down so quickly.
