Researchers have identified a
vulnerability in some Adobe Flash Player versions that can be exploited
by attackers for spying on users having built-in webcams on their
computers — The spying remains completely discreet.
Flash player’s configuration panel allows creation of a list of sites that can access the device’s built-in microphone and webcam.
Alternately, users can manually enable the option to be asked
for permission before a site tries to access the computer’s audio and
video components.
Jouko Pynnönen, Klikki Oy researcher, reported that
the issue (CVE-2015-3044) discloses information that can be leveraged
in systems using earlier versions of Flash Player. This vulnerability
has been identified in versions that appeared before 17.0.0.169.
