A Stanford computer science student named Feross Aboukhadijeh has uncovered a pretty major security hole in Adobe Flash, in which somebody could turn on your Mac’s webcam and mic and save that video for whatever nefarious purposes. Oh good.
Basically, Adobe has a web page you can access that allows you to determine which sites can have access to your webcam and mic. There is a way to rip the code from that site, make it invisible, and then embed it in a web page. Users visiting the page are tricked into making a series of seemingly innocuous clicks in what appears to be, say, a Whack-a-Mole type game, but in actuality you’re clicking through the process in Adobe’s code that opens up your computer to this site. Suddenly they have streaming video and audio of you, and you’re probably none the wiser.
Obviously, this is a major problem. One company could use it to spy on another. Or one could get caught going fapfapfap to some internet porn (no judgements) and suddenly find themselves the target of a blackmailing scheme. Currently the exploit only works on Mac computers and in Firefox and Safari browsers.
Apparently, Feross sent this bug to Adobe weeks ago, but he never heard anything back from them, so he decided to go public with it in order to force them to deal with it. It seems to have worked, as Adobe has finally emailed him saying, “our product team is wrapping up their investigation and is now working on a fix, which should not require a Flash Player update.” Hopefully they’ll have a full fix implemented with a quickness, before anyone gets recorded playing one-handed Whack-a-Mole, if you get my subtle innuendo. [Feross.org via The Register]
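The trick above only works if the permissions page lets itself be embedded invisibly in someone else's page. As an added example (not code from Feross, Adobe or this post), here is a defender-side check of whether a response's anti-framing headers would let another origin embed it. The post does not say what form Adobe's fix takes, so the header-based defense, the function name and both origins are assumptions made for illustration.

```javascript
// Added example: would these response headers let `embedderOrigin` frame the page?
// Simplified: frame-ancestors sources handled are 'none', 'self', '*' and exact
// origins, and only the direct embedder is checked (not every ancestor frame).
function canBeFramedBy(headers, pageOrigin, embedderOrigin) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  // When CSP frame-ancestors is present it takes precedence over X-Frame-Options.
  const csp = h['content-security-policy'];
  if (csp) {
    for (const directive of csp.split(';')) {
      const [name, ...sources] = directive.trim().split(/\s+/);
      if (name.toLowerCase() !== 'frame-ancestors') continue;
      // An empty source list behaves like 'none': nothing matches.
      const allowed = sources.some((s) => {
        const src = s.toLowerCase();
        if (src === "'none'") return false;
        if (src === "'self'") return embedderOrigin === pageOrigin;
        return src === '*' || src === embedderOrigin.toLowerCase();
      });
      return { allowed, reason: `frame-ancestors ${sources.join(' ')}` };
    }
  }

  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return { allowed: false, reason: 'X-Frame-Options: DENY' };
  if (xfo === 'SAMEORIGIN') {
    return { allowed: embedderOrigin === pageOrigin, reason: 'X-Frame-Options: SAMEORIGIN' };
  }
  // Missing or unrecognised values (e.g. the obsolete ALLOW-FROM) give no protection.
  return { allowed: true, reason: 'no enforceable anti-framing header' };
}

// Constructed sample: a permissions page and an unrelated "game" page embedding it.
const PAGE = 'https://settings.example';
const GAME = 'https://game.example';
for (const headers of [
  {},
  { 'X-Frame-Options': 'SAMEORIGIN' },
  { 'Content-Security-Policy': "default-src 'self'; frame-ancestors 'none'" },
]) {
  console.log(JSON.stringify(headers), canBeFramedBy(headers, PAGE, GAME));
}
```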