Creepy Clickjacking Bug Lets Hackers Control Webcams

Tech News World

2008-10-09

A Flash Player vulnerability could allow attackers to gain control of a user's webcam and microphone, according to a security advisory issued by Adobe. The company has issued a workaround; however, a patch won't come until later. As always, Web surfers should be careful where they're clicking.

Software maker Adobe (Nasdaq: ADBE) issued a security advisory Tuesday warning users of its Adobe Flash Player about a vulnerability that could expose them to so-called clickjacking attacks.

Adobe has rated the issue as "critical." The vulnerability is pervasive, affecting all major browsers including Microsoft's (Nasdaq: MSFT) Internet Explorer, Apple's (Nasdaq: AAPL) Safari and Mozilla's Firefox.

While Adobe has not issued a patch for the bug, it has included a workaround in the advisory. The company hopes to address the vulnerability in an upcoming Flash Player update, scheduled for release by the end of October.

Adobe credits security researchers Robert Hansen of SecTheory, Jeremiah Grossman of WhiteHat Security, Eduardo Vela and Matt Mastracci of DotSpots as well as Liu Die Yu for reporting the vulnerability.

Hijacking Clicks

Clickjacking has been around for a while, according to Chris Rodriguez, an analyst at Frost & Sullivan.

"[Clickjacking] comes in many different forms. It has been greatly overlooked by the security community and the criminal community alike. Recently, researchers have demonstrated the dangers of this threat through an Adobe Flash Player vulnerability that would allow an attacker to gain control of a user's microphone and webcam," he told TechNewsWorld.

The exploited vulnerability poses a risk when an attacker is able to trick a user into unwittingly clicking on a link or dialog, according to Adobe.

Clickjacking is usually done by using invisible buttons to get a user to click on something unintentionally, Rodriguez explained.

"However, Adobe's security bulletin is in response to some really nefarious stuff that has been a hot topic lately. Someone has figured out how to use clickjacking to gain access to the user's microphone and webcam. Now that's some scary stuff," he continued.

Celebrity Vulnerabilities

The problem with this and other high-profile security flaws is that they "are quickly weaponized -- in as little as a week, or less," said Rodriguez.

"More importantly, Adobe has only provided a workaround and has not released a patch. Even when a fix is available, Adobe Flash updates are not usually a part of enterprise patch management cycles. We expect that Adobe is working around the clock to fix this problem and until then, users are at risk unless they research, understand and take the recommended measures against this threat," he added.

As Web browsers become more advanced, these types of threats will continue, according to Phil Hochmuth, a Yankee Group analyst.

"As browsers continue to take on the role of traditional desktop applications, and even desktop operating environments, the increased complexity of plug-ins and browser enhancement tools will no doubt lead to more exploitable flaws and vulnerabilities," he told TechNewsWorld.
