A security researcher in Israel has released a demo of a “clickjacking” attack, using an JavaScript game to turn every browser into a surveillance zombie.
The release of the demo follows last month’s partial disclosure of the cross-platform attack/threat, which affects all the major desktop platforms — Microsoft Internet Explorer, Mozilla Firefox, Apple Safari, Opera and Adobe Flash.
October 8, 2008 (Computerworld) Adobe Systems Inc. warned users Tuesday that hackers could use recently reported "clickjacking" attack tactics to secretly turn on a computer's microphone and Web camera.
Flash on all platforms is susceptible to clickjacking attacks, Adobe said in an advisory posted Tuesday. By duping users into visiting a malicious Web site, hackers could hijack seemingly innocent clicks that, in reality, would be used to grant the site access to the computer's webcam and microphone without the user's knowledge.
Adobe rated the vulnerability as "critical," its highest threat ranking.
Hansen noted that MACS are particularly vulnerable to the Flash clickjacking attack, since all recent Apple notebooks and desktop systems include built-in cameras and microphones.
ref. copy pasted from
Webcam hijack demo highlights clickjacking threat | Zero Day | ZDNet.com
'Clickjackers' could hijack webcams, microphones, Adobe warns
Is it just me catching on, or is this some serious ****.
I know that worms have been able to hijack webcams on PC for a couple of years, but this method is scary. Could be an invisible button on eBay, wherever a user can make a javascript.
I switched to mac to be safe, now I read that APPLE recomends that mac users use several antivirus. Have their arrogance provoked hackers worldwide to aim for mac users?
The release of the demo follows last month’s partial disclosure of the cross-platform attack/threat, which affects all the major desktop platforms — Microsoft Internet Explorer, Mozilla Firefox, Apple Safari, Opera and Adobe Flash.
October 8, 2008 (Computerworld) Adobe Systems Inc. warned users Tuesday that hackers could use recently reported "clickjacking" attack tactics to secretly turn on a computer's microphone and Web camera.
Flash on all platforms is susceptible to clickjacking attacks, Adobe said in an advisory posted Tuesday. By duping users into visiting a malicious Web site, hackers could hijack seemingly innocent clicks that, in reality, would be used to grant the site access to the computer's webcam and microphone without the user's knowledge.
Adobe rated the vulnerability as "critical," its highest threat ranking.
Hansen noted that MACS are particularly vulnerable to the Flash clickjacking attack, since all recent Apple notebooks and desktop systems include built-in cameras and microphones.
ref. copy pasted from
Webcam hijack demo highlights clickjacking threat | Zero Day | ZDNet.com
'Clickjackers' could hijack webcams, microphones, Adobe warns
Is it just me catching on, or is this some serious ****.
I know that worms have been able to hijack webcams on PC for a couple of years, but this method is scary. Could be an invisible button on eBay, wherever a user can make a javascript.
I switched to mac to be safe, now I read that APPLE recomends that mac users use several antivirus. Have their arrogance provoked hackers worldwide to aim for mac users?