A security researcher plans to unveil a new Web browser add-on that cleans Adobe Flash code before a video can be played back, preventing attackers from targeting errors in Adobe Flash files.
Felix "FX" Lindner of Germany-based security firm Recurity Labs plans to present the new tool, Blitzableiter (lightning rod), at Black Hat 2010 in Las Vegas. An early version of the tool was presented last December at the 26th Chaos Communication Congress (26C3) in Berlin, Germany. When released, the tool will become a component within NoScript, a Mozilla Firefox add-on that protects against cross-site scripting and clickjacking attacks.

"I have high hopes that it will automatically remove a large section of the attacks against Flash," Lindner said in an interview with SearchSecurity.com. "This defense is unique in that there's no signatures involved. We based everything on principles and not attack signatures."

Adobe Systems Inc. has struggled to address holes in its Flash Player, targeted almost constantly by attackers due to its large market share. Flash is ubiquitous on the Web, used by millions to play video content or render Flash-based, interactive webpages and advertising banners. The idea for the new tool was born out of a 2008 study analyzing rich application frameworks, conducted by Recurity Labs for the German government. Recurity found that Flash lagged far behind the Silverlight and Java frameworks, Lindner said.

The link for this article located at Search Security is no longer available.