Adobe Working on A Fix To Resolve Latest Flash Bug

Adobe currently is working on a solution for a Flash Player problem due to which user's web cams or microphones gets turned on without their knowledge via the clickjacking technique.

A Stanford University computer science student Feross Aboukhadijeh first discovered this problem. Clickjacking is technically user interface (UI) redressing, which is a kind of attack which is a combination of Web programming features which are legitimate for example CSS opacity and also positioning and by using social engineering skills the users are tricked to initiate any unwanted action.

A very good example of this is that recently by using clickjacking techniques Facebook users were tricked to like rogue pages and also posting spams on the users walls by turning the like and share button transparent and by superimposition of them over the legitimate pages.

In 2008 there was a webcam spying attack in which the loading of Adobe Flash Player Settings Manager was involved. The Adobe Flash Player Settings Manager is actually a web page on Adobe's website which was loaded in an invisible iframe and then the innocent users were tricked to enable access to webcam and microphone through it reports PCWorld.

Users were lured by JavaScript games that required clicking on a number of buttons some of which were game related and some other were for redirecting to the iframe which is invisible.Adobe did fix the bug at that time, but the Aboukhadijeh managed to work his way around the fix and re-exploit the bug using a different attack vector.

According to Aboukhadijeh "It works in all versions of Adobe Flash that I tested. I've confirmed that it works in the Firefox and Safari for Mac browsers ... There's a weird CSS opacity bug in most other browsers (Chrome for Mac and most browsers on Windows/Linux)".