A flaw in Adobe Flash allows you to remotely activate the we
In recent months Adobe Systems has had to address several vulnerabilities in its products, the last of them has been a failure that Flash could allow cybercriminals (or cyberspies) activate the webcam and microphone of the victims.
This new vulnerability has been discovered by a student at Stanford University, Feross Aboukhadijeh, who sounded the alarm via your own blog and posted a video to demonstrate the existence of the fault.
To carry out this attack used the technique known as "clickjacking" that has become popular on social networks like Facebook and basically consists of tricking users malicious code hiding in parts of the pages that are seemingly harmless as a botton"I like "Facebook.
In this case, the code was hidden in a series of buttons on a game so that when the victim press those buttons will activate the webcam or microphone without being conscious.
The company has acknowledged the existence of this security issue, but clarified that the problem is in Flash Player Settings Manager Adobe's servers and not the software or the computers of users.
In this sense, they say they have already found the source of vulnerability and have managed to fix it. "We have solved the problem with a change in the Flash Player Settings Manager SWF hosted on Adobe's web site", according to the company, "does not require any user action or update Flash".