
Microsoft Edge secretly whitelisted sites running Flash Player for Facebook

Facebook has found itself involved in another controversy, this time a cybersecurity researcher has revealed Microsoft Edge allows Flash Player content to be played on Facebook without notifying the user.

Google Project Zero’s Ivan Fratric came across what is essentially a secret whitelist and reported it on November 26, 2018 and waited the usual 90 days before making his discovery public. In this case, the public disclosure came after Microsoft addressed the issue, CVE-2019-0641, with its February Patch Tuesday rollout. The domains on the list were enabled to play Flash content on Facebook.

What Fratric came across was the binary file C:\Windows\system32\edgehtmlpluginpolicy.bin. This contains the default whitelist of at least 58 domains that can bypass Flash click2play and load Flash content without user confirmation in Microsoft Edge on Windows 10, he wrote.

The sites that had been whitelisted ranged from music.microsoft.com to the gaming site www.poptropica.com to www.vudu.com, along with two Facebook URLs, https://www.facebook.com and https://apps.facebook.com. After the update, the list has been whittled down to only the two Facebook domains.

“The most common permission flag value (1) indicates that the site is allowed to load Flash content if: the Flash content is hosted on the same domain *OR* The element containing Flash is larger than 398×298 pixels as can be seen in FlashClickToRunHelper::DetermineControlAction,” he said.

Fratric pointed out the security issues involved with the secret whitelist: an XSS vulnerability on any of the listed domains would allow bypassing the click2play policy, several of these sites had unpatched XSS vulnerabilities, and the list contained HTTP sites, which could allow a man-in-the-middle attacker to bypass the click2play policy.
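As an added illustration (not code from the original article, from Microsoft or from Fratric's report), the flag-1 rule quoted above and the HTTP-entry concern, modelled in Python over a constructed sample list. The list contents, the origin-keyed layout of entries, and the strict greater-than reading of the 398×298 threshold are assumptions, not the real format of edgehtmlpluginpolicy.bin.

```python
from urllib.parse import urlsplit

# Size threshold quoted from the report; "larger than" read as strictly greater (assumption).
MIN_WIDTH, MIN_HEIGHT = 398, 298

# Constructed sample whitelist: origin -> permission flag. Not the real file contents.
SAMPLE_WHITELIST = {
    "https://www.facebook.com": 1,
    "https://apps.facebook.com": 1,
    "http://example-game.invalid": 1,  # constructed plain-HTTP entry
}


def origin_of(url):
    """Reduce a URL to its scheme://host[:port] origin."""
    parts = urlsplit(url)
    return f"{parts.scheme.lower()}://{parts.netloc.lower()}"


def flash_action(page_url, flash_url, width, height, whitelist=SAMPLE_WHITELIST):
    """Return 'run' or 'click2play' for an embedded Flash element under the flag-1 rule:
    the hosting page's origin must be whitelisted with flag 1, and then Flash runs without
    a prompt if it is same-site OR the element exceeds the size threshold."""
    if whitelist.get(origin_of(page_url)) != 1:
        return "click2play"
    if urlsplit(page_url).netloc.lower() == urlsplit(flash_url).netloc.lower():
        return "run"
    if width > MIN_WIDTH and height > MIN_HEIGHT:
        return "run"
    return "click2play"


def audit_whitelist(whitelist):
    """Defender-side check: entries not served over HTTPS are the ones a network attacker
    could impersonate, so report them for removal."""
    return sorted(o for o in whitelist if urlsplit(o).scheme.lower() != "https")


if __name__ == "__main__":
    print(flash_action("https://www.facebook.com/game", "https://cdn.invalid/x.swf", 400, 300))
    print(audit_whitelist(SAMPLE_WHITELIST))
```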

The overall danger contained in such whitelists was pointed out by Mike Bittner, digital security and operations manager at The Media Trust.

“Block/blacklists and allow/whitelists can outlive their usefulness within seconds. As soon as new malware surfaces — and 285,000 new ones are created every day — a blocklist’s utility takes a dive. It’s important to continuously update such lists not only to keep pace with attacks but also to ensure their accuracy so that harmless, legitimate sites aren’t needlessly blocked,” he said.

Adobe announced in July 2017 that it would end support for Flash in 2020. The application receives a steady stream of security updates and has been banned from many browsers.
