Microsoft Edge lets Facebook run Flash code behind users' backs

Michyon

Level 2
Thread author
Verified
May 18, 2018
50
Microsoft Edge lets Facebook run Flash code behind users' backs

Google security researcher finds secret whitelist that lets Facebook run Flash content despite Edge's normal security policies.

Microsoft's Edge browser contains a secret whitelist that lets Facebook run Adobe Flash code behind users' backs.
The whitelist allows Facebook Flash content to bypass Edge security features such as the click-to-play policy that normally prevents websites from running Flash code without user approval beforehand.
Prior to February 2019, the secret Flash whitelist contained 58 entries, including domains and subdomains for Microsoft's main site, the MSN portal, music streaming service Deezer, Yahoo, and Chinese social network QQ, just to name the biggest names on the list.

Microsoft Edge lets Facebook run Flash code behind users' backs | ZDNet Full Read.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top