Spyware Sucks
“There is no magic fairy dust protecting Macs" – Dai Zovi, author of “The Mac Hacker’s Handbook"

Adobe Flash and clipboard attacks – changes on the way

September 19th 2008 in Uncategorized

Adobe have blogged about changes being made to Flash to address various security issues, including the Flash clipboard attacks that received so much press attention not that long ago.

Blog article here:
http://blogs.adobe.com/psirt/2008/09/clipboard_attack_update.html

Devnet article:
http://www.adobe.com/devnet/flashplayer/articles/fplayer10_security_changes.html


The changes:

In Flash Player 9, ActionScript could perform uploads and downloads at any time. With Flash Player 10 beta, the FileReference.browse and FileReference.download operations may be initiated only through ActionScript that originates from user interaction. This includes actions such as clicking the mouse or pressing the keyboard.

In Flash Player 9, ActionScript could set data on the system Clipboard at any time. With Flash Player 10 beta, the System.setClipboard() method may be successfully called only through ActionScript that originates from user interaction. This includes actions such as clicking the mouse or using the keyboard. This user interaction requirement also applies to the new ActionScript 3.0 Clipboard.generalClipboard.setData() and Clipboard.generalClipboard.setDataHandler() methods.

New to Flash 10: In Flash Player 9, the system Clipboard could not be read at any time. With Flash Player 10 beta, the new ActionScript 3.0 method Clipboard.generalClipboard.getData() may be used to read the contents of the system Clipboard, but only when it is called from within an event handler processing a flash.events.Event.PASTE event.
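To make the three rules above concrete, here is a small ActionScript 3.0 sketch written for this page (it is not code from the Adobe articles or from this blog, and the class name ClipboardPolicyDemo is invented for the illustration). It contrasts the Flash Player 9 pattern that the clipboard attacks relied on, a timer that silently rewrites the clipboard, with the only contexts Flash Player 10 still permits: a write from inside a genuine user-event handler, and a read from inside an Event.PASTE handler. FileReference.browse() is shown under the same user-interaction rule.

```actionscript
package {
    import flash.desktop.Clipboard;
    import flash.desktop.ClipboardFormats;
    import flash.display.Sprite;
    import flash.events.Event;
    import flash.events.MouseEvent;
    import flash.events.TimerEvent;
    import flash.net.FileReference;
    import flash.text.TextField;
    import flash.text.TextFieldType;
    import flash.utils.Timer;

    // Illustrative class for this page; not part of Adobe's articles or the blog post.
    public class ClipboardPolicyDemo extends Sprite {
        private var output:TextField;
        // Kept as a member so the dialog is not garbage-collected before the user finishes.
        private var fileRef:FileReference = new FileReference();

        public function ClipboardPolicyDemo() {
            output = new TextField();
            output.type = TextFieldType.INPUT;   // editable, so the user can paste into it
            output.width = 400;
            output.height = 200;
            addChild(output);

            // 1. The Flash Player 9 pattern behind the clipboard attacks: a timer keeps
            //    overwriting the clipboard with no user involvement. Under Flash Player 10
            //    this write is refused because it does not originate from a user event.
            var timer:Timer = new Timer(1000);
            timer.addEventListener(TimerEvent.TIMER, onTimer);
            timer.start();

            // 2. A write from inside a mouse-click handler is still allowed in Flash Player 10.
            output.addEventListener(MouseEvent.CLICK, onClick);

            // 3. Reading the clipboard is only possible while handling Event.PASTE, i.e.
            //    when the user presses the platform paste shortcut while the field has focus.
            output.addEventListener(Event.PASTE, onPaste);
        }

        private function onTimer(e:TimerEvent):void {
            // Not user-initiated: Flash Player 10 rejects this with a SecurityError.
            tryWrite("timer-driven write", "text the SWF chose on its own");
        }

        private function onClick(e:MouseEvent):void {
            // User-initiated: permitted.
            tryWrite("click-driven write", "text placed on the clipboard after a click");

            // FileReference.browse() follows the same rule: it may only be called from
            // within a handler for a genuine user gesture such as this click.
            try {
                fileRef.browse();
            } catch (err:Error) {
                log("browse() refused: " + err.message);
            }
        }

        private function onPaste(e:Event):void {
            // Only inside a PASTE handler may the SWF read the system clipboard.
            var text:String = Clipboard.generalClipboard.getData(ClipboardFormats.TEXT_FORMAT) as String;
            log("pasted: " + text);
        }

        private function tryWrite(label:String, text:String):void {
            try {
                Clipboard.generalClipboard.setData(ClipboardFormats.TEXT_FORMAT, text);
                log(label + " succeeded");
            } catch (err:SecurityError) {
                log(label + " refused: " + err.message);
            }
        }

        private function log(msg:String):void {
            output.appendText(msg + "\n");
            trace(msg);
        }
    }
}
```

Compiled against the Flash Player 10 API, the timer write is refused while the click write succeeds; the same SWF compiled for Flash Player 9 would have succeeded from the timer, which is exactly the behaviour the malvertising payloads abused. Note that getData() is never called outside onPaste: calling it from the click handler would also be refused.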

Tightening of cross-domain policies: the meta-policy default changes from “all” to “master-only”, so by default Flash Player honours only the master policy file at the root of a domain (/crossdomain.xml) and ignores policy files elsewhere on the site unless the master policy explicitly permits them.


It will be very interesting to see how this affects the world of malvertizing.

