Discover Yahoo! With Your Friends

Explore news, videos, and much more based on what your friends are reading and watching. Publish your own activity and retain full control.

To get started, first

YOUR FRIENDS' ACTIVITY

    Today in Tech

    Adobe Flash exploit allows websites to access your webcam without permission

    By Mike Wehner, Tecca | Today in Tech – Thu, Oct 20, 2011

    Your webcam can be a powerful tool for communicating with loved ones or even having a conversation with a world-famous luminary. But when that power is put into someone else's hands, it can have dire consequences. A new exploit of Adobe's Flash media application could potentially allow websites to access your webcam without your permission, opening the door for any number of unseemly people to peer into your world.

    The exploit — which only affects Macs thus far — can be performed on web surfers using Safari and Firefox web browsers. The gaping hole in Adobe's security features was discovered by a Stanford computer science major named Feross Aboukhadijeh, who brought it to the attention of Adobe. After weeks without a response, Aboukhadijeh decided to make the glitch publicly known, in an attempt to force Adobe's hand. His plan worked, and Adobe released a statement saying they were working on the problem, and the fix wouldn't require a Flash update.

    In the video above, the intrepid college student showcases just how the exploit can be performed, calling attention to a gap in Adobe's coding that was somehow completely overlooked. This unfortunate oversight is just another reminder than no matter how secure your computer may seem, your safety is ultimately in the hands of the people behind the scenes.

    This article originally appeared on Tecca

    More from Tecca:

    We apologize. An error has occurred. Please try again.
     

    19 comments

    • A nony mouse
      A nony mouse  •  7 mths ago
      Adobe sux.
      • B B
        B B 7 mths ago
        I quit using it, too bothersome to update many times a week
      • Mark
        Mark 7 mths ago
        I only enable flash on certain trusted sites. I agree about annoying updates, but McAfee is even more annoying because it wants to reboot my computer as soon as I log in. I'm tempted to switch to someone else's virus protection.
      • A nony mouse
        A nony mouse 7 mths ago
        If I could go one week, without an update it would be a miracle.
    • CheesyPoofNation.
      CheesyPoofNation.  •  7 mths ago
      Mines covered with a piece of square cardboard with tape. YOU can't see through that. I never worried with the XP laptop cause I had a USB Camera then, But the New Computer I have has it installed. Stupid FLASH & JAVA. If not for them we'd all be safer. They're about as safe as a Screen Door with hook & eyelet on the back of an Armored Car.
    • Ken F
      Ken F  •  7 mths ago
      Why is yahoo trying to force me into disclosing where I live??
      • Duane
        Duane 7 mths ago
        Very good question. I'd like to share my opinion of this with them but there is no way it would get read.
      • feralhiker
        feralhiker 7 mths ago
        More targeted advertising no doubt.
      • takebackgov
        takebackgov 7 mths ago
        I believe you can op out
    • chimera
      chimera  •  7 mths ago
      basically if you just keep your webcam unpluged when not in immediate use ,you shouldn't have anything to worry about anyway.my helpful hint of the day.
      • ren
        ren 7 mths ago
        Not if you have a laptop and the camera is integrated.
      • CheesyPoofNation.
        CheesyPoofNation. 7 mths ago
        Yeah, my old XP had none except the USB cam I bought. The new Computers have it built in the top. I just put the old piece of cardboard/tape over it. The Pervs and crooks are everywhere
      • Andrew
        Andrew 7 mths ago
        On a laptop with a built-in camera, you can disable it in device manager.
    • Joe
      Joe  •  7 mths ago
      Adobe is full of security holes. Ask your IT guy at work - they are worse than MS!
    • Gina
      Gina  •  7 mths ago
      News update. Flash sucked long before this. Slow, unsecure, klunky and bug-infested. News alert. It still is all that.
    • KF
      KF  •  7 mths ago
      Adobe sux, Yahoo sux, They all do. Once they become a big corporate bureaucracy it's just bad, sloppy tech, meet the quota, make the deadline, what are this quarters profits. Oh, and Apple sux, Microsoft sux, Goggle sux, etc.
    • Romulus
      Romulus  •  7 mths ago
      A small piece of electrical tape over your camera does the trick. There's quite few ways websites and certain programs can access your camera and even turn it on without the little green or red light which indicates your camera is on. I've began covering my camera about 2 years ago, when I did some testing on my own website and figured out that I could turn on the cameras of some of my friends when they visited my site.
    • Douglass
      Douglass  •  Jacksonville, United States  •  7 mths ago
      Google just made it mandatory for user of Youtube to upgrade to latest version(11) of Adobe flash player. I smell a conspiracy! lol
    • Ed
      Ed  •  7 mths ago
      Another thing with flash. Go to your control panel and click on Flash to see the options. Under the playback they automatically allow peer assisted networking, I have two problems with that. 1). don't store files on my computer for sharing and use up my bandwidth even if I am not using flash. 2) Can Adobe tell me that I am not liable for illegal file sharing if someone cracks into flash and start using it as a transfer hub? I mean flash makes a product but is there any type of restriction code that is built in so it cannot be used for that. Always remember, per your ISP contract, you are legally liable for anything that gets shared over your IP address. There is also a setting to disable camera use if you want to be safe.
    • Mike D.
      Mike D.  •  7 mths ago
      Good thing I keep my webcam covered when I'm not using it.
      • skull
        skull 7 mths ago
        thats the way it is. right on!
      • yippee
        yippee 7 mths ago
        And don't forget your tinfoil hat either.
      • Gigi
        Gigi 7 mths ago
        I cover my webcam too! Tinfoil hat not needed, I read the book, 1984 in High School, someone is always wanting to invade your privacy and once they do, they own you. Not tin-foil, but practical. Hear me now, believe me later...
    • Harold
      Harold  •  7 mths ago
      I'm safe update to 11 won't load to my machine no matter what I try
    • George Pìmpington
      George Pìmpington  •  7 mths ago
      Yeah if you're stupid enough not to have it disabled in the Windows device manager. This is a prime example of why most people shouldn't own a computer!
    • The Wiz
      The Wiz  •  7 mths ago
      Adobe Flash exploit allows websites to access your webcam without permission...

      This isn't "News".... we've been watching you for years....
    • Stoney McStonerson
      Stoney McStonerson  •  7 mths ago
      sounds more like a mac problem than adobe. people are exploiting mac's because they know what kind of morons use them.
    • ren
      ren  •  7 mths ago
      Its interesting how much people don't know. When something causes windows to crash its microsoft's fault. Nevermind that the crash is caused by a program or a hardware device from another company is doing what its not suppose to do and caused windows to crash. But its MS's fault. When adobe causes a problem on the mac its stupid adobe.
    • CoolD
      CoolD  •  New York, United States  •  7 mths ago
      This article should teach all of you fandroids a lesson that you should stop bashing the iPhone, iPad, and iPod touch for not having Flash... Steve Jobs was right on target when he decided not to bother putting Flash on iOS.
      HTML 5 rocks because it runs natively and reliably without third-party plugins!!!
      • Jack
        Jack 7 mths ago
        HTML5 doesn't even give you access to these features. It can not be used as a complete Flash replacement. Flash will continue to be better for sophisticated applications and games.

        Btw, a game created with Flash recently became the #1 seller on iPad.
      • ren
        ren 7 mths ago
        Thank you for letting us know that you know nothing about html5 and that its just a buzz word to you to be thrown around like you know what you are talking about. Are you in upper management? Incidentally, nobody can still come to a standard when it comes to video/audio in relations to html5 guidelines. html5 is not a software product like photoshop or flash. Its much much more and parts of it can replace what flash does but it cannot replace it in its entirety until later down the line because html5 is still too immature and requires alot of buy in from the big players.
      • CheesyPoofNation.
        CheesyPoofNation. 7 mths ago
        Flash and Java are a sieve.
    • DDT_IT
      DDT_IT  •  Clearwater, United States  •  7 mths ago
      You got to remember, once you are online, you are taking a risk to expose yourself to the whole world. Curiosity is a human nature. Even think about why the tabloids are selling so well? So, learn how to protect yourself. In this particular case. I'd just put a cover on the camera lens whether it's on or off.
    • Jack
      Jack  •  7 mths ago
      This article is silly. The flaw isn't in Flash, for one (and as Adobe says, they don't have to push a Flash update to fix it). A malicious website will have to trick you into clicking on some button that they've put over a hidden version of Adobe's security management controls. Then they're also going to have to figure out how to get past Adobe's security restrictions for uploading files (which also requires user interaction). And topping it off, it's not working for him on Windows. In short, this exploit will never be used. Since Adobe can address it without pushing an update, it won't be worth any thief's time. A far better approach would be to simply create an application that asks the user for permission - you'll get more victims that way than with something like this.

      Personally I'd like to see the kid put in jail though. Waiting a couple of weeks for a response to a single email and then posting a video with instructions for accomplishing the hack just because you haven't heard back is completely unprofessional. 2 weeks ago the Adobe Flash staff was madly preparing for its yearly conference.
     Post a comment

    Blogs