Mac clipboard exposed to fake URLs
Posted on 20 Aug 2008 at 15:24
Mac users are at risk from a security vulnerability that allows malicious websites to infect the clipboard.
The problem occurs when users try to copy a URL from a perfectly legitimate site to later paste elsewhere. While a URL is copied, it is not the one that the user selected. Instead it points to sites that claim to have discovered an infection on the user’s computer and offer to remove it — for a price.
Security company Sophos believes that the problem lies with a vulnerability in the widely used Flash plugin, which the attackers are exploiting by placing bogus Flash ads on the innocent sites.
“The fact that victims report experiencing these issues after browsing legitimate, popular sites suggests that malicious Flash is the culprit,” said Fraser Howard from SophosLabs in the UK. “The attackers are probably using the setClipboard() method within ActionScript embedded in Flash content. Maybe the attackers have poisoned some ad-stream as a way of hitting large volumes of users?”
Because URLs are often copied for pasting into instant messages or emails, the malicious link is just as likely to be opened by a friend, colleague or, worse still, a client. Until Adobe releases a fix, the Show Clipboard option in the Finder’s Edit menu can be used to check that the correct URL has been copied.
The issue also affects Windows.
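The clipboard check recommended above can also be scripted. The following is an added example, not part of the original article: it assumes the clipboard text is passed in as an argument (on a Mac, from `pbpaste`), and the function names and `.example` hosts are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that the clipboard holds the URL you meant to copy.
# Function names and sample hosts are hypothetical. IPv6 literals not handled.

# url_host URL: print the lower-cased host of an http(s) URL, or fail.
url_host() {
    case "$1" in
        http://*|https://*) ;;
        *) return 1 ;;
    esac
    rest=${1#*://}            # drop the scheme
    rest=${rest%%[/?#]*}      # drop path, query and fragment
    rest=${rest##*@}          # drop userinfo ("legit.example@other.example")
    rest=${rest%%:*}          # drop the port
    [ -n "$rest" ] || return 1
    printf '%s\n' "$rest" | tr 'A-Z' 'a-z'
}

# check_clipboard EXPECTED_URL CLIPBOARD_TEXT
# Returns 0 on an exact match, 1 if the clipboard differs, 2 on a bad argument.
check_clipboard() {
    expected=$1
    actual=$2
    if [ "$expected" = "$actual" ]; then
        echo "OK: clipboard matches the copied URL"
        return 0
    fi
    want=$(url_host "$expected") || { echo "ERROR: expected value is not an http(s) URL"; return 2; }
    if got=$(url_host "$actual"); then
        if [ "$want" = "$got" ]; then
            echo "WARN: same host ($got) but a different URL"
        else
            echo "ALERT: clipboard points to $got, expected $want"
        fi
    else
        echo "WARN: clipboard does not hold an http(s) URL"
    fi
    return 1
}

# On a Mac: sh check.sh "https://www.example.com/article"
if [ "$#" -eq 1 ] && command -v pbpaste >/dev/null 2>&1; then
    check_clipboard "$1" "$(pbpaste)"
fi
```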
Author: Simon Aughton