Update: Adobe has fixed this issue by framebusting the Settings Manager pages. Now, 99.9% of the users are protected from this specific exploit. Congrats on the fast response. —-
Turn every browser into a surveillance zombie. The wet dream of every private eye and peeping tom. Imagine this scenario, you play a short game on the web and by doing that you unknowingly grant someone full access to your webcam and microphone.
I’ve made a live demo of it in here, this demo won’t listen or record any of your input.
If you don’t want to try it or don’t have a webcam connected, then check out the video.[kml_flashembed movie="http://www.youtube.com/v/gxyLbpldmuU" width="450" height="376" /]
When I've first heard about ClickJacking and how Adobe is concerned about it, I thought that the Flash Player Security Dialog must have been compromised. But the Security Dialog does a good job disabling itself when you try to mess with it's visibility through DHTML. Unless there's some 0-day issue with the Dialog it's probably relatively safe.
The problem here is the Flash Player Setting Manager, this inheritance from Macromedia might be the Flash Player security Achilles heel.
I've made it as a JS game to make it easier to understand, but, bear in mind that every Flash, Java, SilverLight, DHTML game or application can be used to achieve the same thing.
Some of the clicks are real game clicks other are jacked clicks. Every time the click is needed to be jacked the content simply move behind the iframe using z-index
I had doubts about publishing this, but, if I could have understand it so are the bad guys, so it's better to know about it.