Engineers on Thursday patched a hole in Adobe's ubiquitous Flash Player that allowed website operators to silently eavesdrop on visitors' webcam and microphone feeds without permission.
To be attacked, visitors needed to do no more than visit a malicious website and click on a handful of buttons like the ones in this live demonstration. Without warning, the visitor's camera and microphone were activated and the video and audio intercepted. (more)
Adobe: "We have resolved the issue with a change to the Flash Player Settings Manager SWF file hosted on the Adobe website. No user action or Flash Player product update are required." (more)