Recently, a questionable Flash feature of writing to the user’s clipboard has been exploited. Adobe will finally fix this feature and it’ll require user interaction (mouse/keyboard click) in the upcoming Flash 10. IMHO the people in charge of the Flash Player security have chosen the best option, »
Update: Added a sterilized demo and the source code. CSRF (Cross Site Request Forgery) is considered one of the most widely spread exploits in websites today. I’ve written before about how a legitimate Flash file (swf) can be extremely viral. Few days ago I did a real attack, exploiting »
Update: I’ve posted a real world example of this bug being exploited. This one has the same behavior on IE6, IE7 and IE8 betas. I have only tested this with Flash swf files, but it’s likely that this security is applied and broken the same way, when navigating »
Update: You need to check the website to see what I’m talking about The police (not the band) in general is a problematic institute. Giving average (and below) humans an excessive power and it’s likely that this power will get badly abused. I’ve always considered the Israeli »
Update: Adobe Product Security Incident Response Team (PSIRT) has referred to this “Clipboard attack” Update 2: Aviv Raff has updated me about the fact that it won’t be that easy to replicate this attack using Javascript on the latest browsers and with the default security settings. Thanx. Lately there »