Macromedia investigates Flash security

It could be serious, but history suggests there's little to lose sleep over

Software giant Macromedia is investigating reports that its Flash Player plugin for Internet browsers could allow malicious hackers access to computers connected to the Internet.

An advisory posted to the popular security mailing list Bugtraq on 2 January reported that a flaw in Flash -- which allows Internet users to play back multimedia content embedded in Web pages -- could enable a malicious user to launch an attack.

The advisory suggests the software has a buffer overflow vulnerability, which gets around the program's built-in security. This could allow unauthorised, potentially malicious, code to be executed on a PC.

A spokeswoman for Macromedia says that the company's technical staff are investigating the situation. "It is a serious issue but there have been issues in the past that have arisen and there has not been a flaw," says the spokeswoman. "We need to look into it before we can comment."

Although the author of the alert suggests the vulnerability could be exploited to upload viruses, Trojan horses or other malicious code to a computer with Flash installed, one security expert thinks most users are safe.

"It's unlikely, based on past history," says Eric Chien, chief researcher at SARC, Symantec's Antivirus Research Centre. Chien says that as long as Macromedia provides a swift patch and users install it, there is little danger. He believes, however, that virus writers may start exploiting this sort of vulnerability before long.

According to Macromedia's own figures, Flash is used by 96 percent of all Web users.
