Yet another reason not to use Flash for your site

There are no guaranteed safe solutions for website security, other than constant vigilance. A recently announced exploit of some versions of the Flash player can cause problems.

MacNN | Symantec: Flash exploit in widespread use
Hundreds of thousands of webpages have been affected by a vulnerability in Adobe’s Flash Player, says security vendor Symantec. Since at least Monday, approximately 220,000 pages have been hacked to add redirection scripts, which send Flash users to some 57 servers that attempt to deliver malware, including botnet code and apps that steal World of Warcraft identities and passwords. Only Flash Player versions and appear to be at risk; the attack also seems to be directed primarily at Windows, says Symantec, although problems may yet arise on other operating systems (including Mac OS X) unless Adobe can close the exploit.

Sites victimized by the redirection scripts are generally said to be those belonging to small towns, businesses and non-profit organizations, which may have been chosen through a tool that uses Google to trawl for pages with security holes. If an attack fails, Symantec notes that it may still crash a user’s browser.

Adobe has yet to confirm or deny the security issue. “We are working with Symantec to investigate the potential SWF vulnerability,” an official statement reads, “and will have an update once we get more information.”

Make sure you have backups of your data, and be aware that the exploit affects the latest version of the Flash player, so now may not be the best time to update.

Adobe hasn’t officially responded.
