On Thursday, Adobe said that it resolved a nasty Mac-only "clickjacking" issue with Adobe Flash that allowed websites to access a visitor’s webcam without permission. The company said the problem actually resided within the Flash Player Settings Manager SWF file hosted on the Adobe website. No further details were released, other than that neither user intervention nor a Flash Player product update is required.
The exploit was first exposed on Tuesday by researcher and Stanford computer science major Feross Aboukhadijeh. He discovered that webcam and microphone abduction was performed by using a variation of the normal clickjacking technique. He reportedly told Adobe about the gaping hole after it was first discovered, but once a few weeks passed by without any kind of response, he decided to bring the exploit out in the open to force Adobe's hand.
Looks like it worked.
"I stumbled upon this blog post entitled 'Malicious camera spying using ClickJacking' where the author shows how to clickjack the Adobe Flash Settings Manager page to enable users’ webcams," Feross said on Tuesday. "He accomplishes this by putting the whole settings page into an iframe and making it invisible. Then, unsuspecting users play a little game and unwittingly enable their webcams. Adobe quickly added framebusting code to the Settings Manager page (why wasn’t it there in the first place?), and the attack stopped working."
But now there's nothing to fear, Mac users: Adobe has supposedly fixed the problem. Still, for those interested in how the webcam kidnapping worked, Feross has provided a 5-minute demonstration, as seen below.
Funny to hear Apple fans say that Macs don't get viruses though :D
Do Mac users still say that? People also used to say the Earth was flat.
And yes Macs used to ship without the firewalls turned on, but I believe that has changed now. At least, the firewalls were turned on on the 7 Mac Pros I set up this past week at work.
But anyway, at least Adobe is working on it.
Ragnar-Kon: It is a myth. In a way they are more secure, but only because there is simply less people making viruses for them, and less users to spread those viruses. And yes Macs used to ship without the firewalls turned on, but I believe that has changed now. At least, the firewalls were turned on on the 7 Mac Pros I set up this past week at work. But anyway, at least Adobe is working on it.
I guess, though it seems as though Mac exploits can be extremely lethal. Invasion of privacy through a webcam is pretty extreme for exploits, not to mention the exploding battery exploit. They still seem unlikely to spread and become common issues.
Halcyon, STOP defending Mac users. You don't realise you're an exception. Most of Mac users ARE ignorant illiterate arrogant stubborn zombies who refuse to understand the fact their favourite fruity company is brainwashing them to believe in their innovation instead of really innovating. Defending them - especially in the manner you do - makes you look like a fool, and from all your posts in our home thread I know you aren't, so I don't see why you have to do this.
Yeah if you believe all that, there is no hope for you, but you're probably too busy playing Angry Birds on your iPhone to even read this, much less understand how technology actually works.
btw: He says it doesn't work "on most browsers on Windows". Does that mean it works on at least one?
AbdullahG: I guess, though it seems as though Mac exploits can be extremely lethal. Invasion of privacy through a webcam is pretty extreme for exploits, not to mention the exploding battery exploit.
Accessing the webcam is actually less extreme than an exploit that allows you to hijack a computer. (Which is the goal of most exploits)
The exploding battery exploit was a myth. Nobody actually managed to blow up a battery by modifying the firmware.