Has Flash made your website vulnerable?
While it has been known for some time that Flash has security vulnerabilities that allow malicious code exploits, The Register reports that researchers from Google estimate thousands of websites may be susceptible to attacks and theft of personal data. Cross-site scripting, or XSS, allows malicious code to be inserted through bugs in simple ActionScript. Adobe has not yet released a patch but, according to the article, has promised patches within the next few weeks. Until then, Firefox users can use the NoScript plugin to block Flash content on sites that transmit personal data or other sensitive information. A similar plugin for IE is NoFlash.
Is your site vulnerable? Ask yourself whether you gather any sensitive data, what kind of encryption you use, and whether any Flash files are used on the pages that gather that data or on the pages that the data is passed to. Ask yourself, too, whether you can minimize the use of Flash on just those pages. At the moment data protection is neither easy nor quick, but until the promised patches are released, it's better to be safe than sorry.
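One way to run that check over a site's pages, as an added example that is not from the original post: it flags pages that embed Flash and either collect sensitive fields or receive them from a form. The field-name hints, the sample pages and the use of site-absolute form actions are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: substrings in field names that suggest personal data.
HINTS = ("pass", "card", "cvv", "ssn", "email", "phone")

def is_swf(url):
    return urlsplit(url or "").path.lower().endswith(".swf")

class PageAudit(HTMLParser):
    """Records Flash embeds, sensitive inputs and form targets of one page."""
    def __init__(self):
        super().__init__()
        self.flash, self.sensitive, self.targets = set(), [], []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag in ("embed", "object"):
            url = a.get("src") or a.get("data")
            if is_swf(url) or a.get("type", "").lower() == "application/x-shockwave-flash":
                self.flash.add(url or "(no url)")
        elif tag == "param" and a.get("name", "").lower() == "movie" and is_swf(a.get("value")):
            self.flash.add(a["value"])
        elif tag == "form":
            self.targets.append(urlsplit(a.get("action", "")).path)
        elif tag == "input":
            name = a.get("name", "").lower()
            if a.get("type", "").lower() == "password" or any(h in name for h in HINTS):
                self.sensitive.append(name or "(unnamed)")

def audit_site(pages):
    """pages maps site-absolute path -> HTML; returns {path: reason} to review."""
    audits = {path: PageAudit() for path in pages}
    for path, p in audits.items():
        p.feed(pages[path])
    # Simplification: any form on a page with sensitive inputs passes that data on.
    receivers = {t for p in audits.values() if p.sensitive for t in p.targets}
    findings = {}
    for path, p in audits.items():
        if p.flash and (p.sensitive or path in receivers):
            findings[path] = "collects sensitive data" if p.sensitive else "receives sensitive data"
    return findings

SAMPLE = {  # constructed sample pages, not taken from any real site
    "/login.html": '<form action="/account.html"><input name="user"><input type="password" name="pw"></form><embed src="/media/banner.swf?v=2">',
    "/account.html": '<object data="/media/chart.swf"><param name="movie" value="/media/chart.swf"></object>',
    "/gallery.html": '<embed src="/media/slideshow.swf" type="application/x-shockwave-flash">',
    "/contact.html": '<form action="/thanks.html"><input name="email"></form>',
}
print(audit_site(SAMPLE))
```

Pages that embed Flash but neither collect nor receive sensitive fields, such as the gallery page in the sample, are left out of the findings.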

