BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to the Zeroday Tracker: Your Vulnerability Watchlist

Get critical updates on the latest zeroday threats, including impact, mitigation and protection information - only from BeyondTrust.

Adobe Flash Clickjacking Vulnerability

Disclosed August 20, 2011    Fully Patched

Vulnerability Description:

Adobe Flash in Chrome and Internet Explorer allows malicious websites to create transparent Flash objects which allow access to the camera and audio resources. Users may inadvertently click on transparent Flash objects, enabling resources that may expose sensitive information to attackers. 

Vendors:

Adobe, Google

Vulnerable Software/Devices:

Adobe Flash in Chrome and Internet Explorer

Vulnerability Severity:

Medium

Exploit Availability:

N/A

BeyondTrust Prevention and Detection:

BeyondTrust's Retina® Network Security Scanner scans devices to detect for this vulnerability.
  • 19257 - Google Chrome Clickjacking Vulnerability (20130626) - UNIX/Linux
  • 19416 - Google Chrome Clickjacking Vulnerability (20130626) - Windows
  • 19417 - Google Chrome Clickjacking Vulnerability (20130626) - Mac OS X
  • 19418 - Google Chrome Clickjacking Vulnerability (20130626) - ThinApp

Mitigation:

Disable Flash in Chrome and Internet Explorer. Additionally, disable webcams or microphones when not in use.

Links:


CVE(s):

None