Adobe published a temporary workaround to protect the computer system against this form of attack that users should apply until the release of a patch that would fix the critical issue.

To apply the workaround users should visit the Flash Player’s Settings Manager by following the link. There they should click on the Always Deny button which would prevent any website from accessing the microphone and webcam settings.

The new setting has to be confirmed in the popup that appears automatically after clicking on the Always deny button. The patch is said to be available before the end of October.

Related posts

• Vulnerabilities in latest Flash version (4)
• Flash Cookies explained (63)
• Adobe Releases Flash 10.1 and Air 2.0 Previews (1)
• Adobe Reader, Acrobat and Flash Player Zero Day Vulnerability (3)
• Adobe Fixes Critical Shockwave Vulnerability (12)

If the system meets the requirements the exploit is used to download and execute trojans that steal information and droppers that download additional trojans. Information that are stolen are for example World of Warcraft account information while the droppers download files that add the computer to a botnet. (according to Trendmicro)

Most antivirus companies have already updated their software to disable the possibility that this exploit can be used on the computer the software is running on. Your best bet if you do not use antivirus software is to either disable Flash for now or use an extension like NoScript to block Flash on every domain but trusted ones.

Related posts

• New Information about latest Flash Vulnerability (1)
• Mozilla Flash Upgrade Statistics (5)
• Mozilla Checks Flash Version After Firefox Updates (14)
• Adobe Flash Security Scan (2)
• Adobe Flash Player Clickjacking Vulnerability (1)