Websites at risk from Adobe Flash vulnerability

28 May 2008

A previously unknown vulnerability in Adobe Flash has been discovered by hackers and is being used in conjunction with the common SQL injection attack.

Together these attacks can lead to the user downloading more than they bargained for and opening a Flash file that could hijack their computer.

Brian Honan of online security consultancy BH Consulting noted this vulnerability on his blog yesterday. He explained that attackers are ‘injecting’ redirections into legitimate sites which send users to a hostile site hosting the malicious Flash files.

While the content on the owner’s site may be safe, hosted ads could potentially harbour the Flash exploit.

“Site owners need to ensure their sites are secure and not susceptible to common types of attacks such as SQL injection attacks, which in turn allows for this type of attack against clients browsing the site.

“If possible, they should also ensure they can trust the source of any additional material on their site, such as material placed there by advertising networks,” explained Honan.

Finally, Honan advised website owners to closely monitor the usage and network traffic for their sites and to be wary of large amounts of redirected traffic from their site to non-related domains or websites.
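One way a site owner could act on that monitoring advice, as an added example that is not from the article or from Honan: scan web or proxy logs for requests whose Referer is one of your own pages but whose destination is neither your domain nor a trusted partner, and flag hosts that receive such traffic repeatedly, especially for Flash (.swf) files. The log format, domains and threshold below are constructed assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample log in a simplified "client method url status referer" format.
SAMPLE_LOG = """\
10.0.0.5 GET http://www.example-shop.test/index.php 200 -
10.0.0.5 GET http://evil-host.test/ads/banner.swf 200 http://www.example-shop.test/index.php
10.0.0.7 GET http://www.example-shop.test/catalog 200 -
10.0.0.7 GET http://evil-host.test/ads/banner.swf 200 http://www.example-shop.test/catalog
10.0.0.9 GET http://cdn.example-shop.test/logo.swf 200 http://www.example-shop.test/index.php
10.0.0.9 GET http://partner.test/page.html 200 http://www.example-shop.test/index.php
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d{3}) (\S+)$")


def _in_domains(host, domains):
    """True if host equals, or is a subdomain of, any domain in the set."""
    return any(host == d or host.endswith("." + d) for d in domains)


def find_suspect_redirects(log_text, site_domains, trusted_hosts, threshold=2):
    """Return (suspect_hosts, swf_urls).

    suspect_hosts maps an external host to the number of requests that were referred
    from one of our pages; only hosts at or above `threshold` are reported.
    swf_urls lists every .swf fetched from a non-trusted host via our pages.
    """
    referred = Counter()
    swf_urls = set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the expected format
        _client, _method, url, _status, referer = m.groups()
        if referer == "-":
            continue  # no referer: not a redirection from our site
        ref_host = urlsplit(referer).hostname or ""
        if not _in_domains(ref_host, site_domains):
            continue  # referred from somewhere else, not our concern here
        dst_host = urlsplit(url).hostname or ""
        if _in_domains(dst_host, site_domains | trusted_hosts):
            continue  # our own content or a known, trusted source
        referred[dst_host] += 1
        if urlsplit(url).path.lower().endswith(".swf"):
            swf_urls.add(url)
    suspect = {h: n for h, n in referred.items() if n >= threshold}
    return suspect, swf_urls
```

A host that suddenly appears in this report, with many clients pulling the same .swf right after loading your pages, is the pattern Honan describes and a prompt to inspect the page source and database for injected content.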

Companies should also be careful about the kind of Flash files downloaded over their network by employees.

“If you [IT professionals] are concerned about this attack vector, you should explain the risks to your senior management and see if they want to block downloads of Flash files at your perimeter using your firewall or web proxy.”

Non-business users should also be careful: ensure antivirus software is up-to-date, ensure all the latest patches are installed on a PC and avoid visiting dodgy websites, as well as not clicking on any links in non-verified emails.

Adobe’s product security incident response team said on the official site: “We are working with Symantec to investigate the potential SWF (file) vulnerability and will have an update once we get more information”.

By Marie Boran