Adobe Systems has announced it’s in the process of fixing a security vulnerability in Flash that would allow malicious web sites to remotely operate a user’s webcam and microphone.
The vulnerability is on Adobe’s server side, not on client-side software, and therefore does not require users to update their software.
Adobe told CNET it was hoping to have the fix done by the end of this week.
The vulnerability was discovered by Feross Aboukhadijeh, a Stanford University computer science student. Someone could use the vulnerability for a “clickjacking” attack, which involves hiding malicious code on a web page so that people who click on parts of the page would have their computers exploited. Aboukhadijeh prepared a video (above) demonstrating an attack scenario using the vulnerability.