Adobe has patched a Flash Player bug that could allow Websites to turn on a visitor’s camera and microphone without permission.
The flaw was first reported in 2008 and Adobe soon fixed it by changing how the Flash security dialog box behaved when it was displayed in hidden mode.
This month, on 18 October, Feross Aboukhadijeh showed how it could still be exploited on Firefox and Safari for Apple’s Mac computers, but he said that Windows browsers did not seem to work the same way with cascading style sheets (CSS).
This allowed his program to secretly store his Web address as one allowed to use the camera and microphone functions at any time. This is a classic method used by “clickjackers” to trick unwary users into giving away passwords and other useful information.
“Although every browser and OS is theoretically susceptible to this attack, the process to activate the Webcam requires multiple highly targeted clicks, which is difficult for an attacker to pull off,” admitted Aboukhadijeh. “I’m not sure how useful this technique would actually be in the wild, but I hope that Adobe fixes it soon so we don’t have to find out.”
He reported the flaw to Adobe a few weeks before writing his blog but did not hear anything back from the company. “I think it’s worth sharing it with the world now, so that Adobe pays attention and fixes it more quickly,” he said.
It seems that Adobe had been paying attention, because on 19 October the company said a fix had been made. In a blog post, Wendy Poland, a member of the Adobe Product Security Incident Response Team, wrote: “Adobe is aware of a report describing a clickjacking issue related to the online Flash Player Settings Manager. We have resolved the issue with a change to the Flash Player Settings Manager SWF file hosted on the Adobe Website. No user action or Flash Player product update are required.”