It’s no secret that Adobe Flash Player’s glory days are over. Over the last year at least, more and more bugs and oddities have been discovered within the program’s coding, and some of them are very serious. And now, due to the company’s attempt to implement the same-origin policy in order to make life easier for users, they’ve actually made it worst and created the worst security threat the program has been plagued with so far.
As per reports of experts that analyzed Adobe Flash Player for bugs, due to the same-origin policy, attackers can potentially spy on users through their inbuilt microphones and cameras on their devices. This vulnerability is so easy to exploit because it gives attackers the luxury of not needing special privileges in order to access data.
While the same-origin policy was a good idea in theory, it was poorly executed and thus led to such unwanted complications. Adobe Flash Player actually fails in implementing the policy correctly, which facilitates any attacker’s endeavor to hijack the permission granted to other Flash applets through the policy’s encryption.
So, for example, if you visit a chatting website that also has incorporated video, and the website naturally asks for your permission to use your webcam and microphone, a malicious third party can easily hijack that permission and spy on you at ease. However, the vulnerability can only be exploited by a hacker with access to the local system, but it’s still very dangerous and makes us question whether we want Adobe Flash Player in our lives anymore.
Adobe tried to fix the issue and until now, it seems they managed to. Version 220.127.116.11 comes with an inbuilt security patch that takes care of the same-origin policy vulnerability. However, such events make one wonder about Adobe’s overall reliability in the online medium.