Feross Aboukhadijeh, a Stanford University student revealed an Adobe Flash vulnerability yesterday that would unknowingly activate the webcam and microphone of a users computer. The problem is in the Flash settings manager on Adobe’s servers. Thus, this issue doesn’t require a software update. Adobe said they are aware of the issue and it would be fixed within the week. The attack is administered by “clickjacking” which involves hiding code in commonly clicked areas of a website. That click, then initiates something else to happen. In this case, the computer camera and microphone could be turned on without the users knowledge. This attack theoretically could be administered on every OS but the Stanford student is confident that an attack would be highly unlikely if an update is published within the week as Adobe previously stated.

This hasn’t been the first time that vulnerabilities have been found in the Flash software. Its well known as being buggy and poorly written. Use of Flash is starting to phase out to HTML5 however its still commonly found on online gaming and TV viewing sites. I would suggest running a Flash blocking ad-on in your browser. Not only does it fix all Flash issues, it prevents most ads from running which is a nice bonus.


2 thoughts on “Clickjacking

  1. I’ve always had to authorize Flash to use my webcam, is this not the case with this vulnerability?

Comments are closed.