
Adobe Again Discloses a Major Flash Vulnerability That Can Covertly Control the Camera

Source: Shangpin China | Type: website encyclopedia | Time: October 21, 2011


On the morning of October 20, it was reported that Adobe was repairing a Flash-related vulnerability that could be used to secretly turn on visitors' microphones and cameras.

"The problem is in the Adobe server's Flash Player Settings Manager," said Wiebke Lips, a spokesperson for Adobe. "Engineers are stepping up vulnerability repair work," Lips said in an e-mail. "Note that this vulnerability will not involve or require product updates, and can be repaired online on the server side. It will be released immediately after QA work is completed."

It is expected that the vulnerability will be fixed by the end of this week.

The vulnerability was discovered by Aboukhadijeh, a computer science student at Stanford University, who published it on his blog yesterday together with a video clip. The attack uses a click-hijacking technique called "clickjacking": it hides the SWF file of the Flash Settings Manager in an iframe on the page, which bypasses the framebusting JavaScript code.
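
The framebusting bypass described above comes down to the SWF being a separate response from the HTML page whose script checks for framing. As an added example (not from the article, and not a description of Adobe's fix), the sketch below audits responses for header-based framing controls, which apply to each response regardless of content type; the host `settings.example`, the sample responses and all function names are constructed for illustration.

```javascript
'use strict';

// Source list of the CSP frame-ancestors directive, or null when it is absent.
function frameAncestors(csp) {
  for (const directive of (csp || '').split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') return sources.map((s) => s.toLowerCase());
  }
  return null;
}

// Classify one response: 'blocked', 'same-origin', 'review' or 'frameable'.
function framingPolicy(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);
  // Where both are sent, frame-ancestors is enforced and X-Frame-Options ignored.
  const fa = frameAncestors(h['content-security-policy']);
  if (fa !== null) {
    if (fa.length === 1 && fa[0] === "'none'") return 'blocked';
    if (fa.length > 0 && fa.every((s) => s === "'self'")) return 'same-origin';
    return 'review'; // other origins are listed: check each one by hand
  }
  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return 'blocked';
  if (xfo === 'SAMEORIGIN') return 'same-origin';
  return 'frameable'; // absent, or obsolete ALLOW-FROM, which current browsers ignore
}

// Constructed sample: a page that relies on a framebusting script, and the
// SWF it embeds, served as separate responses (hypothetical host and paths).
const SAMPLE = [
  { url: 'https://settings.example/manager.html', headers: { 'Content-Type': 'text/html' },
    body: '<script>if (top !== self) top.location = self.location;</script>' },
  { url: 'https://settings.example/manager.swf',
    headers: { 'Content-Type': 'application/x-shockwave-flash' }, body: '' },
  { url: 'https://settings.example/hardened.swf', body: '',
    headers: { 'X-Frame-Options': 'deny', 'Content-Security-Policy': "default-src 'self'; frame-ancestors 'none'" } },
];

// Flag every response that another origin could place in a frame.
function audit(responses) {
  return responses.map((r) => {
    const policy = framingPolicy(r.headers);
    // A script check only runs inside an HTML document; a directly framed SWF never executes it.
    const scriptOnly = policy === 'frameable' && /top\s*!==?\s*self/.test(r.body);
    return { url: r.url, policy, scriptOnly };
  });
}

console.log(audit(SAMPLE));
```

In the output, the HTML page is marked `scriptOnly` because its only defence is the script, while the SWF served beside it has no defence at all; only the response carrying its own headers is `blocked`.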

This vulnerability dates back to 2008. An early report from ZDNet:
Security experts have recently warned that a newly discovered cross-browser attack vulnerability will lead to a terrible security problem that affects all mainstream desktop platforms, including IE, Firefox, Safari, Opera and Adobe Flash. This security threat, called clickjacking, was originally to be announced at the OWASP NYC AppSec 2008 conference, but vendors including Adobe requested that the vulnerability not be disclosed until they had developed a security patch.
The vulnerability was discovered by two security researchers, Robert Hansen and Jeremiah Grossman, who have disclosed a little relevant information to show the seriousness of the security threat.

What exactly is Clickjacking?
The two researchers said that what they found was by no means a minor problem; in fact, it was very serious. They needed to take responsibility before revealing this information. The problems were linked to one another. At least two vendors said they would provide patches, but no date was set. They had so far discussed the problem with only a limited number of vendors, so the problem was very serious.

According to those who attended the semi-public demonstration at OWASP, this vulnerability is very urgent, affects all browsers, and has nothing to do with JavaScript:
In general, when you visit a malicious website, an attacker can control your browser's access to some links. This vulnerability affects almost all browsers, unless you use a text-mode browser like Lynx. This vulnerability has nothing to do with JavaScript. Even if you turn off JavaScript in the browser, there is nothing you can do. In fact, this is a defect in the way browsers work, which cannot be solved by a simple patch. A malicious website can make you click on any link, any button or anything else on a website without your knowing it.

If this doesn't scare you, think about the situation where a user will be unaware and helpless when being attacked:
For example, on eBay, JavaScript can be embedded. Although the attack does not require JavaScript, JavaScript can make the attack easier. Only using the text-mode Lynx browser, and not using anything dynamic, can protect you. This vulnerability uses DHTML. Using anti-frame code can protect you from cross-site attacks, but an attacker can still force you to click any link. Any click you make will be directed to the malicious link, so Flash games will bear the brunt. According to Hansen, they have talked about this problem with Microsoft and Mozilla, but both said that this is a very difficult problem and there is no simple solution at present.
