Flash Vulnerabilty In The Wild


Every flash-enabled web browser without a Flash-blocking feature (ala NoScript) is vulnerable to remote compromise.

Having this much exposure completely controlled by one proprietary 3rd-party closed-source vendor is bad for the ecosystem. There’s a Free Flash clone underway, but it’s not good enough to replace Flash for many sites that require Flash, and many sites now require Flash.

Please, website designers: Stop hurting the web. Make sites that can be used without Flash, and add all the glam you want around it. Because Flash isn’t an open standard this problem will always exist. AJAX and SVG can accomplish all or most of what Flash can do, and any talented designer can figure these out.

Update: Adobe has updated their info, and it appears the very latest version (9,0,124,0) is not exploitable, thus this is not zero-day, and I didn’t need to publish this article. Title was: “0-Day Flash Vulnerability In The Wild”.