Beyond Security finds bug in Macromedia's Flash software

Flash technology is used to view interactive "pop-up" advertisements.

Netanya-based information security company Beyond Security, which specializes in mapping and simulating initiated attacks on corporate networks, announced today that it had exposed a hole in Macromedia's Flash software. The bug potentially enabled stealing of information from Internet web surfers.

Flash technology is installed on approximately half a billion computers worldwide and is used, among many other applications, for viewing of interactive (pop-up) advertisements. Beyond Security said that exploitation of the software hole could enable modifications to the content viewed by the victim, including changing of ads to those of competitors, stealing user sensitive data such as cookies and possibly even retrieving the user names and passwords to the sites using Flash ads.

The problem was reported by Beyond Security’s business partner in Japan, Scan Security Wire. Both companies have a joint history of uncovering network security holes. Last year, the companies reported a security hole that allows counterfeiting Verisign’s web certificates that protect e-commerce web sites.

Upon learning about the exposure Beyond Security contacted Macromedia, the developers of the Flash technology and worked jointly to fix the problem. Macromedia has announced that all major websites using Flash technology for advertisements have already made the necessary changes in their sites.

Published by Globes [online] - www.globes.co.il - on 21 April 2003

5 Comments
View comments in rows
Update by email about comments talkback
POST
Comments
Your name
Please insert your name
Content
Hyperlink in a new window Hyperlink Right Left underline italic bold Bulleted List Ordered List Face1 Face2 Face3 Face4 Face5 Face6
Your comment

Thanks
You comment was recieved and soon will be published.
In posting comments, I agree to abide by the Terms of Use
Globes encourages lively and frank debate, but posts that the editors consider merely abusive or otherwise inappropriate will be removed. Report inappropriate content
Thank you for posting your comment, which will be reviewed for publication.
Loading Comments...load
Load more comments
Twitter Facebook Linkedin RSS Newsletters גלובס MAD Conference 2017