ITPRO

Printed from www.itpro.co.uk

Register to receive our regular email newsletter at http://www.itpro.co.uk/reg/register.

The newsletter contains links to our latest IT news, product reviews, features and how-to guides, plus special offers and competitions.

Skip to navigation

    Adobe investigates clipboard Flash attacks

Investigations are under way after Mac and Windows users reported their clipboards were hijacked.

By Asavin Wattanajantra, 21 Aug 2008 at 12:48

gallery

Adobe is currently investigating a "clipboard attack" involving its Flash Player, where Flash banner ads have been used to hijack clipboards.

The attack puts a weblink into the users’s clipboard. If followed this leads to a website selling fake anti-virus software. The code has been found in Flash-based ads found on legitimate websites, reportedly including websites Newsweek and Digg.

Mac, Windows and Linux users running Internet Explorer, Firefox and Safari are said to have been affected.

The attack works by exploiting Adobe Flash files which are used to make display adverts. If the attack is successful it will endlessly delete other text from the clipboard and insert the malicious link in its place.

It is possible to see the effects of this attack from a harmless exploit test page by security researcher Aviv Raff. The aim is to show how easy it is to use Flash with ActionScript code to load a malicious URL onto a targeted clipboard.

If you click on this link and try to paste the contents of the clipboard it will come out as http://www.evil.com. If you try to copy something else it will still have the link http://www.evil.com and will do this continually. (Be warned that you will have to close the browser window or the tab with the exploit page to make it go away).

Adobe said on its Product Security Incident Response Team blog: “Adobe is currently investigating potential solutions to this issue and will update customers as soon as we have more information to provide.”

Email to a friend

Print this page

< Previous   Security : News Next >

Office 365: A complete Guide

Be the first to comment on this article

You need to Login or Register to comment.

    You may also like...

 Sponsored Links

advertisement

    You may also like...

    Latest Security Analysis & Insight

passwords

What is your password worth?

Would you be tempted to sell off company passwords for a fee? If not, seems like you're in the minority, acccording to research.

Read more

 

More Security Analysis & Insight

    Latest Security Reviews

Check Point 2210 Appliance

Check Point 2210 Appliance review

Rating: 4

Check Point's new 2200 Appliances combined enterprise level network security with an SMB price tag. Its software blades provide a wealth of features, but do they complicate deployment? Read this exclusive review to find out.

Read more

 

More Security Reviews

advertisement

    Most popular

    Latest News Videos in Security

Data protection

IT PRO Podcast: Are UK data protection laws flawed?

Play IT PRO Podcast: Are UK data protection laws flawed?   Play

We bring in two experts to talk about the problems with UK data protection law and the way it is managed.

 

    Register for IT PRO

You'll get exclusive member benefits including free whitepapers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.

Register
Sponsored Links
Advertisement