» 15 November 2009
Adobe Flash Policy Exposed to Online Dangers

According to an IT security expert who discovered a way to exploit how web browsers such as Firefox, Internet Explorer, Safari, and Chrome handle Flash files, Adobe Flash's decidedly negligent and slipshod policy is putting visitors to sites that host user-generated content (UGC) in danger from exploitative hackers and their collection of malware.

Mike Bailey, Foreground Security's Senior Security Researcher, stated in an interview this Wednesday that the trouble stems from Adobe Flash's origin policy. More specifically, Adobe's Flash Player badly needs to overhaul the way it manages its security policy so that it doesn't allow arbitrary content to gain unauthorized access to the popular software. Tragically, Flash Player trusts anything by default, even though it should trust only what is allowed. Bailey offers a more technical discussion of the problem in his blog.

Mike Murray, Foreground Security's Chief Information Officer, provides this example: suppose someone can upload to a social network what appears to be a photo but is actually a Flash file developed to run malicious script in your browser once it's opened. That's one of the many ways a hacker can manipulate Flash's laughable security measures in a destructive manner. Truly, any machine that views the image can and will be compromised.

On the other hand, Bailey is quick to admit that, as far as he knows, the method hasn't been used in the wild as a viable attack. Then again, he also stresses that a huge number of websites are vulnerable to this newest threat. Gmail once had a vulnerability that allowed this type of attack to work, but it patched that hole long ago; the Flash payload could hypothetically still be run regardless, but doing so would be quite hard for even the most tech-savvy of hackers.

Adobe has been aware of the matter for quite a while, but it insists that it cannot fix the bug without risking Flash content and software compromises across the World Wide Web. As such, the makeshift solution for administrators at present is to make configuration changes to each website in order to reduce the risk. Users also have the option to disable Flash or to use the NoScript browser plug-in to protect themselves from this glitch.
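The disguised-photo scenario Murray describes can be caught at upload time by inspecting file contents instead of trusting the file name. The following is an added example, not code from the article or from Foreground Security; it assumes the standard SWF header layout (a 3-byte signature, a version byte, and a 4-byte little-endian length), and the function names, extension allow-list, and sample bytes are all constructed for illustration.

```python
import struct

# SWF header: 3-byte signature, 1-byte version, 4-byte little-endian length.
SWF_SIGNATURES = {
    b"FWS": "uncompressed",
    b"CWS": "zlib-compressed",
    b"ZWS": "LZMA-compressed",
}
IMAGE_EXTENSIONS = {".jpg", ".jpeg", ".png", ".gif"}  # assumed allow-list


def sniff_swf(data: bytes):
    """Return a dict describing the SWF header, or None if data is not SWF."""
    if len(data) < 8 or data[:3] not in SWF_SIGNATURES:
        return None
    version = data[3]
    (declared_len,) = struct.unpack_from("<I", data, 4)
    # A real header has a non-zero version and a length covering the header.
    if version == 0 or declared_len < 8:
        return None
    return {"kind": SWF_SIGNATURES[data[:3]], "version": version,
            "declared_len": declared_len}


def check_upload(filename: str, data: bytes):
    """Decide whether a user upload may be stored as an image."""
    ext = "." + filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext not in IMAGE_EXTENSIONS:
        return ("reject", "extension not on image allow-list")
    swf = sniff_swf(data)
    if swf is not None:
        return ("reject",
                f"{swf['kind']} SWF v{swf['version']} with image extension")
    return ("accept", "no SWF header found")


# Constructed sample inputs (not taken from the article).
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
SAMPLE_SWF = (b"CWS" + bytes([9]) + struct.pack("<I", 1024)
              + b"\x78\x9c" + b"\x00" * 16)

if __name__ == "__main__":
    for name, blob in [("cat.png", SAMPLE_PNG), ("holiday.jpg", SAMPLE_SWF)]:
        print(name, check_upload(name, blob))
```

A header check only catches files that begin with an SWF signature, so it complements the site configuration changes mentioned above and does not replace them.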

 

© Copyright 1999-2010: SecPoint®