Adobe investigates clipboard Flash attacks

Investigations are under way after Mac and Windows users reported their clipboards were hijacked.

Adobe is currently investigating a "clipboard attack" involving its Flash Player, where Flash banner ads have been used to hijack clipboards.

The attack puts a weblink into the users's clipboard. If followed this leads to a website selling fake anti-virus software. The code has been found in Flash-based ads found on legitimate websites, reportedly including websites Newsweek and Digg.

Mac, Windows and Linux users running Internet Explorer, Firefox and Safari are said to have been affected.

The attack works by exploiting Adobe Flash files which are used to make display adverts. If the attack is successful it will endlessly delete other text from the clipboard and insert the malicious link in its place.

Advertisement - Article continues below
Advertisement - Article continues below

It is possible to see the effects of this attack from a harmless exploit test page by security researcher Aviv Raff. The aim is to show how easy it is to use Flash with ActionScript code to load a malicious URL onto a targeted clipboard.

If you click on this link and try to paste the contents of the clipboard it will come out as If you try to copy something else it will still have the link and will do this continually. (Be warned that you will have to close the browser window or the tab with the exploit page to make it go away).

Adobe said on its Product Security Incident Response Team blog: "Adobe is currently investigating potential solutions to this issue and will update customers as soon as we have more information to provide."

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now



Hackers abuse LinkedIn DMs to plant malware

25 Feb 2019
Server & storage

Synology FlashStation FS3400: Same old, same old

9 Jan 2020

Best free malware removal tools 2019

23 Dec 2019
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019

Most Popular

data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020
cyber security

If not passwords then what?

8 Jan 2020
Policy & legislation

GDPR and Brexit: How will one affect the other?

9 Jan 2020
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020