Adobe investigates clipboard Flash attacks

Investigations are under way after Mac and Windows users reported their clipboards were hijacked.

Adobe is currently investigating a "clipboard attack" involving its Flash Player, where Flash banner ads have been used to hijack clipboards.

The attack puts a weblink into the users's clipboard. If followed this leads to a website selling fake anti-virus software. The code has been found in Flash-based ads found on legitimate websites, reportedly including websites Newsweek and Digg.

Mac, Windows and Linux users running Internet Explorer, Firefox and Safari are said to have been affected.

The attack works by exploiting Adobe Flash files which are used to make display adverts. If the attack is successful it will endlessly delete other text from the clipboard and insert the malicious link in its place.

It is possible to see the effects of this attack from a harmless exploit test page by security researcher Aviv Raff. The aim is to show how easy it is to use Flash with ActionScript code to load a malicious URL onto a targeted clipboard.

If you click on this link and try to paste the contents of the clipboard it will come out as http://www.evil.com. If you try to copy something else it will still have the link http://www.evil.com and will do this continually. (Be warned that you will have to close the browser window or the tab with the exploit page to make it go away).

Adobe said on its Product Security Incident Response Team blog: "Adobe is currently investigating potential solutions to this issue and will update customers as soon as we have more information to provide."

Featured Resources

Key considerations for implementing secure telework at scale

Identifying the security risks and advanced requirements of a remote workforce

Download now

The State of Salesforce 2020

Your guide to getting the most from Salesforce

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Rethink your cybersecurity strategy for the new world

5 steps to secure the enterprise and be fit for a flexible future

Download now

Recommended

Malware attacks using machine identities doubled in 2019
cyber security

Malware attacks using machine identities doubled in 2019

4 Aug 2020
Andrew Daniels joins Druva as CIO and CISO
Cloud

Andrew Daniels joins Druva as CIO and CISO

22 Jul 2020
IBM teams with Adobe and Red Hat to drive personalized customer experiences
Cloud

IBM teams with Adobe and Red Hat to drive personalized customer experiences

20 Jul 2020
Over two dozen Android apps found stealing user data
Google Android

Over two dozen Android apps found stealing user data

7 Jul 2020

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

3 Aug 2020
How to use Chromecast without Wi-Fi
Mobile

How to use Chromecast without Wi-Fi

4 Aug 2020
How do I fix the Windows 10 Start Menu if it's frozen?
operating systems

How do I fix the Windows 10 Start Menu if it's frozen?

3 Aug 2020