The flaw's danger is compounded by the fact that Flash is so widespread and the software doesn't have a built-in upgrade system…

News: Compromised in a Flash
A flaw found in Macromedia's animation software leaves Web surfers vulnerable to attack when they visit an Internet site or, possibly, open an e-mail, a security firm said Tuesday.

The vulnerability, found by security firm eEye Digital Security, allows an attacker to create a hand-edited Macromedia Flash, or SWF, file that can compromise a PC or Macintosh if its user views the file with the Shockwave Flash Player plug-in for Internet Explorer, Netscape or other browsers.

The flaw's danger is compounded by the fact that Flash is so widespread and the software doesn't have a built-in upgrade system, said Marc Maiffret, chief hacking officer for Aliso Viejo, Calif.-based eEye.

"Almost every user is going to have Flash, so they can become compromised," Maiffret said. "Unless the user is smart enough to get the latest version of Flash, then they are going to be vulnerable."
News: Compromised in a Flash