sincity Posted July 9, 2014 Share Posted July 9, 2014 http://cdn.mos.techradar.com/art/logos/flash-adobe-rightsize-470-75.jpgA Swiss Google engineer, Michele Spagnuolo, has managed to come up with a tool that exploits three characteristics of Adobe's Flash and JSONP (JavaScript Onject Notation with padding).In a blog post, he wrote: "I present Rosetta Flash, a tool for converting any SWF file to one composed of only alphanumeric characters in order to abuse JSONP endpoints, making a victim perform arbitrary requests to the domain with the vulnerable endpoint and exfiltrate potentially sensitive data, not limited to JSONP responses, to an attacker-controlled site".Best free antivirus software 2014Sites affected by the flaw that have been known to be impacted by the flaw include Google itself, Youtube, Twitter, Instagram, Tumblr and Ebay. It is likely that they will have all, by now, fixed the flaw and everyone is urged to download updates for their respective browsers.Spagnuolo has uploaded Rosetta Flash to Gitbub while Adobe has issued an official statement saying that "These [...] vulnerabilities [...] could potentially allow an attacker to take control of the affected system"http://rss.feedsportal.com/c/669/f/415085/s/3c517455/sc/4/mf.gifhttp://da.feedsportal.com/r/199120423369/u/49/f/415085/c/669/s/3c517455/sc/4/rc/1/rc.imghttp://da.feedsportal.com/r/199120423369/u/49/f/415085/c/669/s/3c517455/sc/4/rc/2/rc.imghttp://da.feedsportal.com/r/199120423369/u/49/f/415085/c/669/s/3c517455/sc/4/rc/3/rc.imghttp://da.feedsportal.com/r/199120423369/u/49/f/415085/c/669/s/3c517455/sc/4/a2.imghttp://pi.feedsportal.com/r/199120423369/u/49/f/415085/c/669/s/3c517455/sc/4/a2t.imghttp://feeds.feedburner.com/~r/techradar/software-news/~4/z8RuqE9pQlo Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.