Adobe acknowledges the hijacked clipboard problem

They blogged about it not long ago - they don't say much, but they acknowledge the problem:

http://blogs.adobe.com/psirt/2008/08/clipboard_attack.html

"We are aware of recent press reports about a potential “Clipboard attack” issue that involves Flash Player. Adobe is currently investigating potential solutions to this issue and will update customers as soon as we have more information to provide."

image

Published Wednesday, August 20, 2008 1:30 PM by sandi
Filed under: ,

Comments

# re: Adobe acknowledges the hijacked clipboard problem

Thanks.

Wednesday, August 20, 2008 6:52 PM by Bruce Goldstein

# re: Adobe acknowledges the hijacked clipboard problem

I left the following comment there 3 days ago:

---8<---

Recommendations:

1) Add a config setting to disable <I>all</I> clipboard access: that is, both reading-from and writing-to the clipboard. Alternatively, consider actually running your browser plug-in inside IE's security context, including the "sandbox" on IE7-under-Vista, and obeying IE's "Allow Programmatic clipboard access" setting. On second thought, an independent config setting might be easier.

2) Add a config setting to disable ActionScript (both globally and selectively: for example, see the "<A HREF="support.mozilla.com/.../Options+window JavaScript Settings</A>" in Firefox).

...and, while you're at it:

3) Add a stand-alone configuration screen/window/tab/panel/whatever, just like <I>every other</I> Windows program in existence has, that allows end-users to configure Flash Player settings without <A HREF="www.macromedia.com/.../settings_manager.html">having to connect to your site</A>.

---8<---

It hasn't appeared there yet. Wonder if anybody's minding the store?

Tuesday, August 26, 2008 6:03 PM by Mark Odell