Watch Where You Flash

Seeing isn’t always believing. People who visit user-generated content sites and click on an image may be at risk of opening something sinister.

In an article on the CNET news website, Elinor Mills says a researcher has found a way to exploit the way browsers handle Adobe Flash files, and the issue is in the origin policy.

“Adobe should change the way Flash Player handles the security policy so it doesn’t allow arbitrary content to access the application without permission,” senior security researcher Mike Bailey of Foreground Security told CNET in an interview.

Unfortunately, Bailey said, Flash Player “trusts anything” by default. So it can be risky for users to upload an image on a social networking site, because the image could be a Flash file “designed to execute malicious code in the browser when the file is opened,” Mills writes.

To read the CNET article, please click here:
http://news.cnet.com/8301-27080_3-10396326-245.html