Adobe fixes webcam hijack Flash flaw

Summary: Researcher documents a variation of the clickjacking technique that could be used to turn on a webcam and microphone directly from a web site without the user's knowledge or consent.

Adobe has fixed a privacy invasion flaw in Flash that allowed remote spies to turn on a computer user's webcam via a rigged web site.

The vulnerability, discovered and documented by researcher Feross Aboukhadijeh, is a variation of the clickjacking technique and could be used to turn on a webcam and microphone directly from a web site without the user's knowledge or consent.

In this video, Aboukhadijeh documents the attack scenario:

Adobe says the issue is now fixed:

Adobe is aware of a report describing a clickjacking issue related to the online Flash Player Settings Manager. We have resolved the issue with a change to the Flash Player Settings Manager SWF file hosted on the Adobe website. No user action or Flash Player product update are required.

If, like me, you are paranoid about these kinds of bugs activating your webcam, do the smart thing and put a sticky over the camera. Matter solved.

Talkback

3 comments
  • Sticky leaves the built-in mics vulnerable!

    Wish they all had a hardware switch for foolproof override!
    kd5auq
    • RE: Adobe fixes webcam hijack Flash flaw

      @kd5auq Mine has a software block. The Dell machines I have, have the Dell Webcam Central program installed on them, which actually has a parental control thing on it which prevents the camera from being activated at least. It's a small hurdle to clickjacks like this. That being said, my webcam has a little light next to it that comes on if the webcam is activated and that comes in handy for determining if it's on or not.
      ZazieLavender
  • USB plugged in to the front panel unplugs just as easily

    n/t
    Hempman