When we first wrote up clickjacking we noted that the "...proof of concept code was said to affect every major browser and 'an Adobe product' (Flash? Acrobat?)" Turns out it was Flash.
Now Adobe has revealed a workaround for the attacks, which can trick a user into clicking on a link or dialog box unwittingly. Adobe Flash Player 9.0.124.0 (the current version) and earlier are affected. The Flash player's camera and microphone access dialog are the problem, and the workaround involves denying interactive access to them through Flash. There is a workaround to the workaround in which specific sites may be allowed access.
Adobe says that a true fix will be available before the end of October. (story Link)
No comments:
Post a Comment