|
|
Tweet |
|
This day has started with scientific news from Stanford: a computer scientist Feross Aboukhadijeh ’11 has announced his discovery of a bug in Adobe Flash Player. This bag allowed malicious websites access a Flash user’s webcam and microphone. According to the scientist, for 2 weeks Adobe company haven’t responded to his message. He reason for the silence is that the employee he emailed had been on sabbatical, but being unaware of it, Aboukhadijeh openly posted about his discovery. 
Through Adobe Product Security Incident Response Team (PSIRT) monitoring activities, Adobe became aware of this post and the problem and fixed the glitch within two days of becoming aware of the bug. The bug attacked a user’s webcam and microphone and an attacker could trick a Flash user into changing his or her settings online.
Such a technique is known as a “clickjacking” and means the situation when the attacker puts the settings in an invisible window placed over a part of the site where the user is supposed to make many clicks and change settings. It is so natural - you are just playing a game, but actually you change you settings and allow attackers to access your webcam. One of the worst ways to implement this technique is to promote some information for the government. It is not so crucial for democratic countries, but if you are a dissident in a country with a repressive government you can accidently send your pictures, as well as those nearby.
Still there are no accidents of such an attack registered.
NB! Usage of flash tools and applications can not provoke such attacks!