IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Adobe investigates clipboard Flash attacks

Investigations are under way after Mac and Windows users reported their clipboards were hijacked.

Adobe is currently investigating a "clipboard attack" involving its Flash Player, where Flash banner ads have been used to hijack clipboards.

The attack puts a weblink into the users's clipboard. If followed this leads to a website selling fake anti-virus software. The code has been found in Flash-based ads found on legitimate websites, reportedly including websites Newsweek and Digg.

Mac, Windows and Linux users running Internet Explorer, Firefox and Safari are said to have been affected.

The attack works by exploiting Adobe Flash files which are used to make display adverts. If the attack is successful it will endlessly delete other text from the clipboard and insert the malicious link in its place.

It is possible to see the effects of this attack from a harmless exploit test page by security researcher Aviv Raff. The aim is to show how easy it is to use Flash with ActionScript code to load a malicious URL onto a targeted clipboard.

If you click on this link and try to paste the contents of the clipboard it will come out as http://www.evil.com. If you try to copy something else it will still have the link http://www.evil.com and will do this continually. (Be warned that you will have to close the browser window or the tab with the exploit page to make it go away).

Adobe said on its Product Security Incident Response Team blog: "Adobe is currently investigating potential solutions to this issue and will update customers as soon as we have more information to provide."

Featured Resources

Accelerating AI modernisation with data infrastructure

Generate business value from your AI initiatives

Free Download

Recommendations for managing AI risks

Integrate your external AI tool findings into your broader security programs

Free Download

Modernise your legacy databases in the cloud

An introduction to cloud databases

Free Download

Powering through to innovation

IT agility drive digital transformation

Free Download

Recommended

Adobe forced to patch its own failed security update
bugs

Adobe forced to patch its own failed security update

18 Feb 2022
The pros and cons of flash storage
flash storage

The pros and cons of flash storage

31 Jan 2022
Hackers could use new Wslink malware in highly targeted cyber attacks
malware

Hackers could use new Wslink malware in highly targeted cyber attacks

1 Nov 2021
FBI raids Chinese POS business following cyber attack claims
malware

FBI raids Chinese POS business following cyber attack claims

27 Oct 2021

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

7 Jun 2022
Attracting and retaining talent through training
Sponsored

Attracting and retaining talent through training

13 Jun 2022
The top programming languages you need to learn for 2022
Careers & training

The top programming languages you need to learn for 2022

23 Jun 2022