

“Any malware exploiting these vulnerabilities would be able to gain full access to the device – allowing an attacker to activate the built-in microphone, monitor your child’s activity and even take pictures of them using both the front and rear facing cameras on the device.”

Clearly, LeapFrog has a long way to go towards protecting its products. Carthy recommends that the company institute mandatory updates upon initial device configuration and replace Adobe Flash with HTML 5.

The security risks that ensue from that oversight are scary, to be sure: But this happened only after he had connected the toy to his computer – something which other parents might never do.
To LeapFrog’s credit, the LeapPad made the update mandatory for Carthy to continue using the Connect application. This version contains a well-known vulnerability that could allow an attacker to execute arbitrary code on a machine. Upon plugging it in I was prompted to download an application called LeapFrog Connect – which once installed asked me to update Adobe Flash from the current version, which I discovered to be 19.0.0.185.” “Within minutes I had the box wired into my machine. To his surprise, when he attempted to load up the address on his laptop, it proceeded to do so without so much as a hiccup.

At that point, Carthy turned his attention to how the video content was being served up on the page: One ARP cache poisoning attack campaign later, the security expert had obtained the IP address to an AWS server. This web browser consisted of a single page that delivers video and gaming content via a remote server. Right when he thought playtime was over, Carthy recalled that the tablet had an application that resembles a web browser. Two Nmap scans yielded nothing except the fact that the device responded to ICMP Echo requests. But when he learned that LeapFrog had recently been acquired by VTech, which is still presumably working to harden its security following a hack late last year, the security expert couldn’t contain his excitement.
