ID: IRCNE2011101294
Date: 2011-10-22
According to "zdnet", Adobe has fixed a privacy invasion flaw in Flash that allowed remote spies to turn on a computer user’s webcam via a rigged web site.
The vulnerability, discovered and documented by researcher Feross Aboukhadijeh, is a variation of the clickjacking technique and could be used to turn on a webcam and microphone direct from a web site without the user’s knowledge or consent.
Adobe says the issue is now fixed. We have resolved the issue with a change to the Flash Player Settings Manager SWF file hosted on the Adobe website, no user action or Flash Player product update are required.
- 2