"Hackers can exploit a flaw in Adobe’s Flash to compromise nearly every Web site that allows users to upload content, including Google’s Gmail, then launch silent attacks on visitors to those sites, security researchers said today. Adobe did not dispute the researchers’ claims, but said that Web designers and administrators have a responsibility to craft their applications and sites to prevent such attacks.
"The magnitude of this is huge," said Mike Murray, the chief information security officer at Orlando, Fla.-based Foreground Security. "Any site that allows user-uploadable content is vulnerable, and most are not configured to prevent this."" – Content courtesy of Flash flaw puts most sites, users at risk, say researchers