The security issues just keep on rolling in – the latest is a flash vulnerability that allows an attacker to gain control of webcams and microphones. Rated ‘critical’ by Adobe, the bug affects all browsers using the flash plugin or player – a patch isn’t yet available although there is a workaround of some kind.
The issue relates to clickjacking, a serious security issue that has been around for some time. One can, by tricking a user into clicking on a particular link, unwittingly provide a hole through the browser. Generally invisible buttons are used to invoke this kind of action on the user’s part. In this case it’s a fairly sophisticated attack, leading to a compromise of locally-attached hardware.
The issue here is that this is a zero-day exploit – no patch is available yet; and you can imagine the amount of critical activity possible with this sort of thing.