/>
X

Adobe fixes webcam hijack Flash flaw

Researcher documents a variation of the clickjacking technique that could be used to turn on a webcam and microphone direct from a web site without the user's knowledge or consent.
ryan-naraine.jpg
Written by Ryan Naraine on

Adobe has fixed a privacy invasion flaw in Flash that allowed remote spies to turn on a computer user's webcam via a rigged web site.

The vulnerability, discovered and documented by researcher Feross Aboukhadijeh, is a variation of the clickjacking technique and could be used to turn on a webcam and microphone direct from a web site without the user's knowledge or consent.

In this video, Aboukhadijeh documents the attack scenario:

Adobe says the issue is now fixed:

Adobe is aware of a report describing a clickjacking issue related to the online Flash Player Settings Manager. We have resolved the issue with a change to the Flash Player Settings Manager SWF file hosted on the Adobe website. No user action or Flash Player product update are required.

If, like me, you are paranoid about these kinds of bugs activating your webcam, do the smart thing and put a sticky over the camera.  Matter solved.

Related

Why you should really stop charging your phone overnight
iphone-charging.jpg

Why you should really stop charging your phone overnight

iPhone
I loved driving the Hyundai Ioniq 5 and Kia EV6, and there's only one reason I can't buy one
img-1724

I loved driving the Hyundai Ioniq 5 and Kia EV6, and there's only one reason I can't buy one

Electric Vehicles
How to spot a deepfake? One simple trick is all you need
facial-recognition

How to spot a deepfake? One simple trick is all you need

AI & Robotics