Content Marketers » Publish Your Business Blog, Videos and Events on ALL EC » Save 25% Today!
Welcome Guest | Sign In
salesforce commerce cloud

Creepy Clickjacking Bug Lets Hackers Control Webcams

By Walaika Haskins TechNewsWorld ECT News Network
Oct 8, 2008 4:07 PM PT

Software maker Adobe issued a security advisory Tuesday warning users of its Adobe Flash Player about a vulnerability that could expose them to so-called clickjacking attacks.

Creepy Clickjacking Bug Lets Hackers Control Webcams

Adobe has rated the issue as "critical." The vulnerability is pervasive, affecting all major browsers including Microsoft's Internet Explorer, Apple's Safari and Mozilla's Firefox.

While Adobe has not issued a patch for the bug, it has included a workaround in the advisory. The company hopes to address the vulnerability in an upcoming Flash Player update, scheduled for release by the end of October.

Adobe credits security researchers Robert Hansen of SecTheory, Jeremiah Grossman of WhiteHat Security, Eduardo Vela and Matt Mastracci of DotSpots as well as Liu Die Yu for reporting the vulnerability.

Hijacking Clicks

Clickjacking has been around for a while, according to Chris Rodriguez, an analyst at Frost & Sullivan.

"[Clickjacking] comes in many different forms. It has been greatly overlooked by the security community and the criminal community alike. Recently, researchers have demonstrated the dangers of this threat through an Adobe Flash Player vulnerability that would allow an attacker to gain control of a user's microphone and webcam," he told TechNewsWorld.

The exploited vulnerability poses a risk when an attacker is able to trick a user into unwittingly clicking on a link or dialog, according to Adobe.

Clickjacking is usually done by using invisible buttons to get a user to click on something unintentionally, Rodriguez explained.

"However, Adobe's security bulletin is in response to some really nefarious stuff that has been a hot topic lately. Someone has figured out how to use clickjacking to gain access to the user's microphone and webcam. Now that's some scary stuff," he continued.

Celebrity Vulnerabilities

The problem with this and other high-profile security flaws is that they "are quickly weaponized -- in as little as a week, or less," said Rodriguez.

"More importantly, Adobe has only provided a workaround and has not released a patch. Even when a fix is available, Adobe Flash updates are not usually a part of enterprise patch management cycles. We expect that Adobe is working around the clock to fix this problem and until then, users are at risk unless they research, understand and take the recommended measures against this threat," he added.

As Web browsers become more advanced, these types of threats will continue, according to Phil Hochmuth, a Yankee Group analyst.

"As browsers continue to take on the role of traditional desktop applications, and even desktop operating environments, the increased complexity of plug-ins and browser enhancement tools will no doubt lead to more exploitable flaws and vulnerabilities," he told TechNewsWorld.

Facebook Twitter LinkedIn Google+ RSS
salesforce commerce cloud
Does it matter to you if products you purchase are manufactured in another country?
Yes, and I will pay more for a domestically produced product.
Yes, but my shopping decisions won't change anything, so I do what's best for me.
I care, but it's impossible to keep track of where everything is made.
I want the best quality and price, regardless of country of origin.
It depends on the country. Some are OK, some aren't.
It depends on the company. I'll buy from a reputable non-domestic brand.
salesforce commerce cloud
salesforce commerce cloud