"Researchers from Google and a well-known security firm have documented
serious vulnerabilities in Adobe Flash content which leave tens of
thousands of websites susceptible to attacks that steal the personal
details of visitors.
The security bugs reside in Flash applets, the ubiquitous building
blocks for movies and graphics that animate sites across the web. Also
known as SWF files, they are vulnerable to attacks in which malicious
strings are injected into the legitimate code through a technique known
as cross-site scripting, or XSS.
Currently there are no patches for the vulnerabilities, which are found
in sites operated by financial institutions, government agencies and
other organizations."
"Stamos said Adobe is likely to update its Flash Player so it does a
better job of vetting code variables before executing SWF files. But he
said interaction with third-party code is such a core part of the way
Flash works that updates to the player would likely provide only a
partial fix."
Article Link: http://www.theregister.co.uk/2007/12/21/flash_vulnerability_menace/