Adobe has patched a Flash Player bug that could allow Websites to turn on a visitor’s camera and microphone without permission.
The flaw was first reported in 2008 and Adobe soon fixed it by changing how the Flash security dialog box behaved when it was displayed in hidden mode.
This month, on 18 October, Feross Aboukhadijeh showed that it could still be exploited in Firefox and Safari on Apple’s Mac computers, but he said that Windows browsers did not seem to work the same way with cascading style sheets (CSS).
This allowed his program to secretly store his Web address as one permitted to use the camera and microphone functions at any time. This is a classic method used by “clickjackers” to trick unwary users into giving away passwords and other useful information.
“Although every browser and OS is theoretically susceptible to this attack, the process to activate the Webcam requires multiple highly targeted clicks, which is difficult for an attacker to pull off,” admitted Aboukhadijeh. “I’m not sure how useful this technique would actually be in the wild, but I hope that Adobe fixes it soon so we don’t have to find out.”
He reported the flaw to Adobe a few weeks before writing his blog but did not hear anything back from the company. “I think it’s worth sharing it with the world now, so that Adobe pays attention and fixes it more quickly,” he said.
It seems that Adobe had been paying attention, because on 19 October the company said a fix had been made. In a blog post, Wendy Poland, a member of the Adobe Product Security Incident Response Team, wrote: “Adobe is aware of a report describing a clickjacking issue related to the online Flash Player Settings Manager. We have resolved the issue with a change to the Flash Player Settings Manager SWF file hosted on the Adobe Website. No user action or Flash Player product update are required.”