Comments for Adobe Flash Clipboard Hack (http://www.insideria.com/2008/09/adobe-flash-clipboard-hack.html)

Adobe Flash Clipboard Hack

2008-09-22T15:09:18Z

Although this was first brought to the attention of the world on August 18th in a ZDNet article, "Adobe Flash ads launching clipboard hijack attack", it seems little has been said about it since.

Apparently there is a mechanism by which a Flash movie can insert any kind of content into the clipboard. You can see it demoed here (warning once you click on this link you'll need to close down your browser if you want to use your clipboard again).

It's really spooky. While writing this blog I copied on the above demo URL and when I tried to paste into this blog entry all I got was (http://www.evil.com) instead. And the clipboard is hijacked across all applications - not just your browser.

The good news is that Adobe plans to fix this with the release of Adobe Flash Player 10. The bad news is that that everyone who uses Flash can be victimized by this attack until Flash player 10 is released (its in pre-release now). Short of uninstalling all players proceeding Flash Player 10, I'm not sure if there is any way to avoid getting your clipboard hijacked.

Comment from Quentin on 2008-09-22

2008-09-22T16:23:30Z

AVAST detected the threat, which is cool.

Comment from Adrian Parr on 2008-09-22

2008-09-22T19:17:32Z

Yeah, I got that too. I wonder how Avast picked it up?

Screenshot here ...

http://www.adrianparr.com/images/avast_warning.gif

Comment from Rich Tretola on 2008-09-22

2008-09-23T01:39:26Z

I am running Flash Player 10 and I get an error on the test site so I assume this is blocking the hack. It does occur on Flash Player 9

Error: Error #2176: Certain actions, such as those that display a pop-up window, may only be invoked upon user interaction, for example by a mouse click or button press.
at flash.system::System$/setClipboard()
at test_fla::MainTimeline/setClip()
at Function/http://adobe.com/AS3/2006/builtin::apply()
at SetIntervalTimer/onTimer()
at flash.utils::Timer/_timerDispatch()
at flash.utils::Timer/tick()

Comment from Dillon on 2008-11-10

2008-11-11T02:20:54Z

Avast shivers me timbers. Arrg! Another virus blown out of the water!

Comment from Mandy on 2008-11-14

2008-11-14T08:48:13Z

Clickjacking has been fixed now already. People using it for the old copy clipboard function (which Flash 10 broke) should look for other solutions. I saw a good example here:

http://groups.google.com/group/Snipurl/web/copy-to-clipboard-not-working

Comment from dear hi all on 2009-01-09

2009-01-09T09:27:27Z

AJAX does have its own category. As there ankara nakliyat are many AJAX frameworks (dojo, YUI, prototype, jQuery, Ext JS, etc). We simply ankara nakliyat chose to include AJAX as a single choice. Perhaps a future poll can drill into individual AJAX framework preferences among developers.

Comment from ankara evden eve nakliyat on 2009-03-19

2009-03-19T08:32:08Z

Clickjacking has been fixed now already. People using it for the old copy clipboard function ankara nakliyat (which Flash 10 broke) should look for other solutions. I saw a good example here:

Comment from Nakliyat firmaları on 2009-04-19

2009-04-19T11:33:46Z

Transportation of ankara moving express

Comment from ev taşıma on 2009-07-02

2009-07-02T14:35:55Z

Clickjacking has been fixed now already. People using it for the old copy clipboard function (which Flash 10 broke) should look for other solutions

nakliyat

Comment from ankara aslanlar nakliyat on 2009-07-23

2009-07-23T19:22:07Z

Clickjacking has been fixed now already. People using it for the old copy clipboard function ankara aslanlar nakliyat (which Flash 10 broke) should look for other solutions. I saw a good example here: