Adobe’s Workaround for “Clickjacking” Issue, and What You Can Do Now
UPDATE: Adobe released Flash Player 10.0.12.36. Look-wise, it’s an improvement. Take a look at the 3-D effects that Flash Player 10 supports at Alternativa’s demo site.
New versions usually mean new vulnerabilities. Protect yourself with Firefox + the NoScript add-on.
———————————————————————————————-
Adobe recently acknowledged a critical issue with its Flash Player. Named “clickjacking,” the attack occurs when a user visits a legitimate site and clicks on a link or Flash content there, but is actually clicking on an invisible control (perhaps a button) placed there by a malicious person.
Adobe considers this critical. Robert Hansen and Jeremiah Grossman, the researchers who discovered this vulnerability, will release specific details after Adobe fixes the issue.
In the meantime, Israeli researcher Guy Aharonovsky demonstrated how clickjacking can be used to reset Adobe Flash Player’s privacy settings, then surreptitiously turn on a computer’s microphone and webcam. Adobe published a workaround to protect users from this issue right now.
Adobe plans to release an updated Flash Player at the end of October, 2009. Be the first to know by signing up with Adobe’s security notification service.
A great way to protect yourself now is to use the Firefox browser with the add-ons Flashblock and/or NoScript. NoScript has recently been updated specifically to prevent clickjacking.
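Clickjacking, as described above, depends on a mismatch between the element the user can see and the element that actually receives the click, and that mismatch can be checked mechanically. The following is an added example, not code from Adobe, NoScript or this post; the element model, the names and the opacity threshold are assumptions, and the sample page is constructed.

```javascript
// Added example: the element model and all names here are hypothetical.
// Assumption: below this opacity a user cannot see the element.
const OPACITY_THRESHOLD = 0.1;

// Constructed sample: a visible button with a transparent control stacked over it.
const samplePage = [
  { id: 'page-body', left: 0, top: 0, width: 800, height: 600, zIndex: 0, opacity: 1 },
  { id: 'play-button', left: 300, top: 200, width: 120, height: 40, zIndex: 1, opacity: 1 },
  { id: 'framed-settings-control', left: 290, top: 190, width: 140, height: 60, zIndex: 10, opacity: 0 },
];

function contains(el, x, y) {
  return x >= el.left && x < el.left + el.width &&
         y >= el.top && y < el.top + el.height;
}

// Elements under the point, topmost first: highest zIndex wins,
// and later paint order breaks ties.
function stackAt(elements, x, y) {
  return elements
    .map((el, order) => ({ el, order }))
    .filter(({ el }) => contains(el, x, y))
    .sort((a, b) => (b.el.zIndex - a.el.zIndex) || (b.order - a.order))
    .map(({ el }) => el);
}

// Compare the element that receives the click with the element the user sees there.
// The click is flagged when the receiver is effectively invisible.
function inspectClick(elements, x, y) {
  const stack = stackAt(elements, x, y);
  if (stack.length === 0) {
    return { suspicious: false, receiver: null, visible: null };
  }
  const receiver = stack[0];
  const visible = stack.find((el) => el.opacity >= OPACITY_THRESHOLD) || null;
  return {
    suspicious: receiver.opacity < OPACITY_THRESHOLD,
    receiver: receiver.id,
    visible: visible ? visible.id : null,
  };
}

console.log(inspectClick(samplePage, 350, 220));
```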
Photo: PiPiWa
This entry was posted by PreparedPC on October 15, 2008 at 7:03 am, and is filed under Security and Privacy, Web Browsing.