Most educational websites in the U.S. are using Flash applications that fail to adequately secure these pages. This is a growing problem for the Internet as vulnerable sites can be hijacked for malicious and criminal activity, according to a paper published in the International Journal of Electronic Security and Digital Forensics this month.
This is a pretty worrying report. Scanning 250 educational web sites, the researchers only found 2 that had no Flash vulnerabilities. Twenty percent had medium-level security problems. Passwords and other sensitive information can be gathered.
As the release states:
However, although provider Adobe releases regular security patches to address problems as they arise, many sites are not kept up to date and so remain vulnerable. Companies such as Apple, refuse to allow Flash to run on their consumer devices for this very reason.
Having such a ubiquitous process that has many vulnerabilities and can so easily be placed on web pages by almost any researcher is quite worrisome. Especially as most people are more concerned about the educational aspects of their Flash applications, not the security problems.