Flash Flaw Allows Attackers to Take Over Your PC

WebMonkey Beta 2.0: The Web Developer's Resource

tutorials
reference
code library
blog
create a page
- all
- tutorials
- reference
- code
- blog

Help|
Rss feeds
- Rss feeds
- Subscribe to:
- Tutorials
- Reference
- Code library
- All articles
- Monkey Bites Blog

Member Sign In

Not a member?

A Wired.com user account lets you create, edit and comment on Webmonkey articles. You will also be able to contribute to the Wired How-To Wiki and comment on news stories at Wired.com.

It's fast and free.

Join Now

Webmonkey is a property of Wired Digital.

processing...

Join Webmonkey

E-mail address:

Username:

Password:

Confirm password:

Please send me occasional e-mail updates about new features and special offers from Wired/Webmonkey.

Yes No

Please send occasional e-mail offers from Wired/Webmonkey affiliated web sites and publications, and carefully selected companies.

Yes No

I understand and agree that registration on or use of this site constitutes agreement to Webmonkey's User Agreement and Privacy Policy.

Join Now

Webmonkey is a property of Wired Digital.

processing...

Retrieve Sign In

Please enter your e-mail address or username below. Your username and password will be sent to the e-mail address you provided us.

Webmonkey is a property of Wired Digital.

processing...

Welcome to Webmonkey

A private profile page has been created for you.

As a member of Webmonkey, you can now:

edit articles
add to the code library
design and write a tutorial
comment on any Webmonkey article

Webmonkey is a property of Wired Digital.

Sign In Information Sent

An e-mail has been sent to the e-mail address registered in this account.

If you cannot find it in your in-box, please check your bulk or junk folders.

Webmonkey is a property of Wired Digital.

Flash Flaw Allows Attackers to Take Over Your PC

By Scott Gilbertson May 28, 2008 Categories: Platforms & APIs

A recently uncovered flaw in Adobe’s Flash Player software allows malicious sites to run remotely executable code, granting them full control over your PC. The exploit works by first attacking susceptible websites, adding in redirection scripts and then running a .swf file which compromises your PC.

Regrettably this isn’t a theoretical issue, it’s in the wild with Symantec’s Security Focus reporting approximately 20,000 infected web pages. Most of those sites appear to have been compromised through SQL-injection attacks.

By injecting the redirection scripts into normally trusted sites the attacker can send you the malicious .swf file without you ever realizing what’s happening.

Adobe has acknowledged the issue, but so far hasn’t released a patch.

Given that the attack uses redirect scripts, it’s hard to suggest a way to avoid this one, short of disabling the Flash player entirely. Firefox users can use the No Script add-on to stop JavaScript, which should stop the redirects from working.

See Also:

Tags: flash, security

Post Comment Comments Permalink Print

Reddit Digg

/monkeybites_categories/

/monkeybites_team/

Michael Calore | E-mail | View profile
Scott Loganbill | E-mail | View profile
Adam DuVander | E-mail | View profile
Scott Gilbertson | E-mail | View profile

Subscribe to this blog

Send us a tip

/blog/popular_tags/

blogs browsers communities cool sites current affairs design firefox general google humor iphone linux mac music networks nightly build office other p2p photos Programming reboot search security software video vista web 2.0 where2dot0 windows

See all Monkey Bites tags

See more programming.reddit.com

Special Offer For Webmonkey Users

WIRED magazine:
The first word on how technology is changing our world.

Subscribe for just $10 a year

WiredWebmonkey is a property of Wired Digital All text is shared under a Creative Commons License.

Wired Digital: Wired.com | Wired How-To Wiki | Reddit | Subscribe to WIRED Magazine

Subscribe to a magazine: