Netanya-based information security company Beyond Security, which specializes in mapping and simulating initiated attacks on corporate networks, announced today that it had exposed a hole in Macromedia's Flash software. The bug potentially enabled the theft of information from web surfers.
Flash technology is installed on approximately half a billion computers worldwide and is used, among many other applications, for viewing interactive (pop-up) advertisements. Beyond Security said that exploitation of the software hole could enable modifications to the content viewed by the victim, including changing ads to those of competitors, stealing sensitive user data such as cookies, and possibly even retrieving the user names and passwords for the sites using Flash ads.
The problem was reported by Beyond Security's business partner in Japan, Scan Security Wire. The two companies have a joint history of uncovering network security holes. Last year, the companies reported a security hole that allows the counterfeiting of Verisign's web certificates, which protect e-commerce web sites.
Upon learning about the exposure, Beyond Security contacted Macromedia, the developer of the Flash technology, and worked jointly with it to fix the problem. Macromedia has announced that all major websites using Flash technology for advertisements have already made the necessary changes to their sites.
Published by Globes [online] - www.globes.co.il - on 21 April 2003