Adobe has released an update for its Flash Player media platform following the discovery of a flaw that left users vulnerable to camera spying attacks.
The flaw was discovered by Stanford University student and researcher Feross Aboukhadijeh. According to Aboukhadijeh, an attacker can craft a page that asks a user to click on a box or play a simple game which activates a hidden iframe window containing Adobe's Flash Player settings window.
When the user clicks on the button, the iframe window can then register the click as authorisation to activate the user's webcam and microphone.
Aboukhadijeh likened the attack to "click-jacking", a fraud process in which user clicks in a window are collected by a hidden window to perform such tasks as activate an advertisement or share information on social networking sites.
Aboukhadijeh said he reported the issue privately to Adobe weeks ago but had not received any response. According to an Adobe spokesperson, a communications error prevented the company from receiving Aboukhadijeh's report.
"The email with the report was sent to an Adobe employee who has been on sabbatical," the spokesperson said. "The issue was not reported to the Adobe Product Security Incident Response Team, which is the contact for all vulnerability reports."
The company was able to post the updated SWF file Thursday afternoon US Pacific time. The company said the updated file is hosted on its servers and no user updates or interactions will be necessary to patch the flaw.
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago