Flash Clipboard Hijack

Apparently there are some malicious Adobe Flash ads out there that can hijack your browser clipboard. The issue affects Linux, Windows and OS X; Firefox, Safari and Internet Explorer — basically any client that relies on the Adobe Flash plugin. If you don’t believe it, check out the proof of concept (you have been warned). That particular site hijacks your clipboard with “http://evil.com”.

I saw this today when my browser (Firefox 3.0.1 — latest on Windows XP — patched) wouldn’t let me copy and paste text. It would be the same potentially malware [http://windowsxp-privacy.com/?id=…] result every time I CTRL-V’d. After some digging around, I realized that it was localized to my browser (I thought for sure it was a system issue at first), so to fix the issue, I closed the browser and re-opened. The issue was resolved.

Considering the manual effort required to update Flash, combined with the fact that I usually only install Flash when a computer is built and never update it, this leads me to believe this issue is widespread and not going to be fixed anytime soon. It’s a minor annoyance, but still, a pretty neat little exploit.

Leave a Comment