Web Design
Mobile Internet
Brand Design
Innovative
News
Encyclopedias

[Produced by Beijing website] Adobe exposes again the important vulnerability of Flash, which can control the camera stealthily

Date:2012-10-21 Source: Shangpin China Type: website encyclopedia
Word Size: small   medium   big

Adobe Reveals Important Flash Vulnerability to Steal Camera


On the morning of October 20, it was reported that Adobe was repairing a Flash related vulnerability, which could be used to secretly open visitors' microphones and cameras.

"The problem is in the Adobe server's Flash Player Settings Manager," said Wiebke Lips, a spokesperson for Adobe. "Engineers are stepping up vulnerability repair work", Lips said in e-mail, "Note that this vulnerability will not involve or require product updates, and can be repaired online on the server side. It will be released immediately after QA work is completed."

It is expected that the vulnerability will be fixed by the end of this week.

The vulnerability was discovered by Aboukhadiieh, a computer science student at Stanford University, and published in yesterday's blog, which contains a video clip. This attack uses a click hijacking method called "clickjacking" to hide the SWF file of the Flash Settings Manager behind the page iFrame, which can bypass the framebusting JS code. ( Beijing website production )

This vulnerability occurred in 2008. An early report from Znet:


Security experts have recently warned that a newly discovered cross browser attack vulnerability will lead to a very terrible security problem, which affects all mainstream desktop platforms, including IE, Firefox, Safari, Opera and Adobe Flash. This security threat, called Clickjacking, was originally to be announced at the OWASP NYC AppSec 2008 conference, but vendors including Adobe requested that this vulnerability not be disclosed until they developed a security patch.
The vulnerability was discovered by two security research experts, Robert Hansen and Jeremiah Grossman, who have disclosed a bit of relevant information to show the seriousness of the security threat.

What exactly is Clickjacking?

Two research experts said that what they found was by no means a minor problem. In fact, it was very serious. They needed to take responsibility before revealing these information. These problems were linked one by one. At least two manufacturers said they would provide patches, but the date was not set. We only discussed this problem with a limited number of manufacturers at present, so the problem was very serious.

According to those who participated in the semi public demonstration at OWASP, this vulnerability is very urgent and will affect all browsers, and it has nothing to do with JavaScript:

In general, when you visit a malicious website, an attacker can control your browser's access to some links. This vulnerability affects almost all browsers, unless you use a character browser like lynx. This vulnerability has nothing to do with JavaScript. Even if you turn off the JavaScript function of the browser, there is nothing you can do. In fact, this is a defect in the working principle of the browser, which cannot be solved by simple patches. A malicious website can let you click on any link, any button or anything on the website without knowing it.

If this doesn't scare you, think about the situation where a user will be unaware and helpless when being attacked:

For example, in Ebay, JavaScript can be embedded. Although the attack does not require JavaScript, it can make the attack easier. Only the lynx character browser can protect yourself and don't use anything dynamic. This vulnerability uses DHTML. Using anti frame code can protect you from cross site attacks, but an attacker can still force you to click any link. Any click you make will be directed to the malicious link, so those Flash games will bear the brunt. According to Hansen, they have talked about this problem with Microsoft and Mozilla, but they all said that this is a very difficult problem and there is no simple solution at present.


label: Beijing website production High end website construction


Please contact our consultant

+86 10-60259772

Please provide your contact number. The project manager of shangpin China will contact you as soon as possible.