Flash 11 + Mac OS X = You Being Recorded
I recently upgraded the Flash Player plugin and standalone app on my Mac. Being somewhat paranoid, I always have Activity Monitor open showing all currently running processes. Since at least Flash 11.1, any web page with embedded flash opened in any browser on Mac OS X 10.6 or higher will cause a process named VDCAssistant to launch - regardless of the flash code being invoked. What is VDCAssistant? It's the process that controls access to the iSight camera and microphone.

Adobe assures us that this isn't a security flaw, and has basically refused to fix the problem. Call me crazy, but launching a process that accesses the camera and microphone (WHICH I DIDN'T WANT TO BEGIN WITH APPLE!!!) in my face whenever I access the internet is to me a pretty serious security flaw. Let them know it! http://bugs.adobe.com/
Submitted by jonny
Comments (showing 7 of 7)
This can't be right. Macs never have any problems whatsoever.
7  
written by Ryjkyj

Tape/Disable/Disconnect the camera?

Not sure how to do that with internal mic though. I don't have a webcam and mic on my IBM PCs for that reason.
2  
written by ant

The Windows Flash player added a control panel to set whether the camera and mic are accessible to websites, don't know about Mac. You can still go here to adjust settings. Another option is just to remove the execute flag on the VDCAssistant file so it can't run.
1  
written by jimnms

VDCAssistant is launched regardless of the settings for Flash prefs (I have mic and camera set to blocked for all sites).

Pretty good idea, though, to just unset the executable flags on the app itself. Hadn't thought of that one. I don't really ever use them, so it wouldn't be a problem for me, but I think it would interfere with other apps that try to access them (like iChat, etc.).

>> ^jimnms:

The Windows Flash player added a control panel to set whether the camera and mic are accessible to websites, don't know about Mac. You can still go here to adjust settings. Another option is just to remove the execute flag on the VDCAssistant file so it can't run.

0  
written by jonny

black electrical tape isn't uncommon actually. I, for one, invite people to watch me fap...if that's what they're into more power to them.
2  
written by rottenseed

Lol - yes, I suppose there is that issue, rottenseed, but I was thinking in broader terms of computer security.
0  
written by jonny

Good news (I think). This appears to have been fixed as of flash player 11.3.
0  
written by jonny


login or sign up to comment