Internet Users Worldwide at Risk as Holiday Shopping Season Begins
ORLANDO, Fla.--(Business Wire)--
Foreground Security, a leader in information security services, solutions and
training, today announced its discovery of a critical vulnerability in Adobe
Flash. The critical issue allows an attacker to take over nearly any computer
visiting a website that allows file uploads.
"Due to the ubiquity of Adobe Flash, which Adobe estimates has over 99% market
penetration globally, the implications of the exploit are far-reaching," said
Mike Murray, Foreground`s chief information security officer. "When you consider
that the number of online shoppers increases exponentially with the approaching
holidays, this vulnerability is definitely a cause for serious concern."
According to Foreground Security Senior Security Researcher Mike Bailey, who
discovered the vulnerability:"Whether you use Flash or not, you may still be
vulnerable because this issue affects users directly and not the servers
themselves. Websites that are at risk of being vulnerable include social media
sites, major career portals, and Fortune 1000 and government agencies websites.
Basically, if you have a website, you could be vulnerable."
Following Mike Bailey's discovery, the vulnerability was reported to both Adobe
and Google, whose Google Applications, including Gmail, are vulnerable to
exploit. No fix is currently available.
Bailey also noted: "This is insidious because Flash content can be crafted to
look like many different file types, such as Microsoft Word or Excel documents,
image files or zip files. This variability allows malicious content to appear in
many different and normally non-threatening guises. Nobody expects pictures to
attack them."
"IT security teams at web properties should evaluate the locations where file
uploads are allowed as well as locations where those uploads are stored to
ensure they are not vulnerable to this condition," said Dave Amsler, Foreground
Security`s president. "We are urging organizations to reach out to trusted
security partners to assist with this fix if they are unable to solve it on
their own. Organizations that take the time to resolve this issue will make the
online shopping season safer for everyone."
Added Amsler: "Foreground recommends that all holiday shoppers immediately take
mitigation steps to reduce their reliance on Flash by disabling it in their
browsers or by using products like NoScript or ToggleFlash to reduce their
exposure whenever possible."
More detail on the vulnerability and information about how consumers can protect
themselves is available on the Foreground Security blog at:
http://www.foregroundsecurity.com/MyBlog/
About Foreground Security
Foreground Security is a leader in information security consulting, training and
services with offices in Virginia, Florida, California, and Illinois. Foreground
Security believes in integrating leading edge security services, training, and
commercial best practices, in order to assist government and private sector
organizations optimize their security posture. The mission of Foreground
Security is to aid clients with overall information security through a customer
centric approach. You will never see a one size fits all proposal or solution
when you choose Foreground Security as your information security partner.
Public Relations:
Shev Rush Public Relations (SRPR)
Kristi Lane
W: 785.393.2261
kristi@shevrushpr.com
Copyright Business Wire 2009
