Adobe Flash Player Clickjacking Vulnerability

Dante send me a link to an interesting article that describes the latest Adobe Flash Player vulnerability. Adobe published a security advisory yesterday that describes a clickjacking vulnerability. In short: An attacker could lure the unsuspecting user into clicking on a link that would give the attacker access to the computer's microphone and webcam without the user's knowledge.

Adobe published a temporary workaround to protect the computer system against this form of attack that users should apply until the release of a patch that fixes the critical issue permanently on computer systems.

To apply the workaround users should visit the Flash Player's Settings Manager by following the link. There they should click on the Always Deny button which prevents any website from accessing the microphone and webcam settings. This obviously is only necessary if you have a microphone or webcam connected to your computer, if you do not, there is nothing to worry about since exploiting the issue on systems without won't do the attackers any good due to a lack of hardware they can make use of then.

The new setting has to be confirmed in the popup that appears automatically after clicking on the Always deny button. The patch is said to be available before the end of October.

Update: Adobe has patched the issue and users of the flash player plugin are again safe from the attack. It is recommended to check your Flash Player version regularly to make sure you have the latest version of the program installed on your PC. The link in the last sentence leads to a page on Adobe's official website where the Flash Player version installed is displayed. The page furthermore lists the latest versions of Flash Player for all supported operating systems, so that you only need to compare your version to the version for your operating system to see if you are running the latest.

Advertisement