Researchers from Google have documented serious vulnerabilities in Adobe Flash content which leave tens of thousands of websites susceptible to attacks that steal the personal details of visitors. …
One reason for the sheer volume of vulnerable applets: SWF files generated by six of the more popular content development tools automatically contain the bugs, according to the book. Those programs include Dreamweaver, Connect, Breeze – which are sold by Adobe – and TechSmith Camtasia, InfoSoft FusionCharts and software from Autodemo.
Stamos said Adobe is likely to update its Flash Player so it does a better job of vetting code variables before executing SWF files. But he said interaction with third-party code is such a core part of the way Flash works that updates to the player would likely provide only a partial fix.
Eradicating the problem will require updates for all of the graphics authoring tools so they no longer generate buggy Flash content. Even then, security pros will have to analyze all of a website’s SWF files and recompile any found to be vulnerable.
Flash vulnerabilities menace tens of thousands of websites